
Explorer Doesn't Run At Startup & Closes Itself If Manually Opened!


20 replies to this topic

#1 Tixylix

Posted 24 December 2007 - 07:15 AM

Please keep in mind that if I cannot access something via the 'Run' command in the Task Manager, I will not be able to do it. Running downloaded files/installing things is okay, though; just nothing in Explorer!

About three days ago I turned on my computer to update my iPod, only to find it really, really slow. It was fine a couple of hours beforehand, but now all of a sudden it was bad. I did the usual registry/virus/spyware sweep and deleted a couple of low to medium risk items, then restarted my computer, only to find that Explorer would not load. Though I had gained back some speed, it was still a little slower than usual. I accessed Task Manager to manually run 'explorer.exe' and thought everything was going fine until about 20 seconds later, when it closed itself. It did this again, and again, until I decided to come here. Another virus/spyware scan with CA showed nothing, and using the 'STINGER' program found just as little... nothing!

Here is my current (as in, 30 seconds ago) HijackThis log... I promise not to touch anything until you reply! :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14, on 2007-12-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\gebca.exe
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtZgAcer.EXE"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [PaperCut NG Client] C:\Program Files\PaperCut NG Client\pc-client.exe /silent /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PASPortal.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101857210422
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = peninsula.vic.edu.au
O17 - HKLM\Software\..\Telephony: DomainName = peninsula.vic.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{886C52E5-66A5-4AAC-9B72-215E291A445E}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = peninsula.vic.edu.au
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: MaxBackServiceInt - Logitech Inc. - (no file)
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11485 bytes
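As an added example (not code from the thread, from HijackThis or from BleepingComputer), a small Python triage helper that reads lines in the format of the log above and flags the kinds of entries a helper looks at first: legacy ini loading points, run entries with odd targets, services with no vendor string, orphaned entries and DNS servers outside the LAN's private range. The sample lines are copied from the posted log plus one constructed O17 entry; every hit is a prompt for a human to check, not a verdict.

```python
"""Triage helper for HijackThis v2 logs.

Added example for this thread, not code from HijackThis or BleepingComputer.
It reads the one-entry-per-line format of the log posted above and applies a
few defender-side heuristics that mirror what a forum helper checks first:
autostart locations legitimate software rarely uses, services with no vendor
string, orphaned entries, and DNS servers outside the local network's
RFC 1918 space.  Every hit is a prompt for a human to look closer, not a
verdict: legitimate drivers (e.g. the ATI hotkey poller) trip these rules too.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the posted log, plus one O17 entry
# (marked CONSTRUCTED) that points DNS at a documentation-range address.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\gebca.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{886C52E5-66A5-4AAC-9B72-215E291A445E}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-GUID}: NameServer = 203.0.113.5
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
O23 - Service: MaxBackServiceInt - Logitech Inc. - (no file)
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Target of an O4 entry: the quoted path, or the first token after "[name]".
O4_TARGET_RE = re.compile(r'\] (?:"([^"]+)"|(\S+))')
# A file sitting directly in %WINDIR% (not in a subdirectory such as system32).
WINDIR_DIRECT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.IGNORECASE)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Entry:
    code: str   # HijackThis section code, e.g. "O4", "O23"
    body: str   # everything after "Oxx - "


@dataclass
class Finding:
    severity: str   # "review" (needs a human decision) or "cleanup" (orphaned entry)
    reason: str
    entry: Entry


def parse_log(text: str) -> list[Entry]:
    """Keep only lines that look like HijackThis entries; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries: list[Entry]) -> list[Finding]:
    findings = []
    for e in entries:
        if e.code in ("F2", "F3"):
            # win.ini / system.ini load= and run= lines are a legacy loading point.
            findings.append(Finding("review", "legacy ini-file loading point", e))
        elif e.code == "O4":
            m = O4_TARGET_RE.search(e.body)
            target = (m.group(1) or m.group(2)) if m else ""
            if "\\" not in target:
                findings.append(Finding("review", "run entry is a bare file name resolved via the search path", e))
            elif WINDIR_DIRECT_RE.match(target):
                findings.append(Finding("review", "run entry launches a file placed directly in the Windows directory", e))
        elif e.code == "O17":
            m = re.search(r"NameServer = (.+)$", e.body)
            for ip in (m.group(1).split(",") if m else []):
                addr = ipaddress.ip_address(ip.strip())
                if not any(addr in net for net in RFC1918):
                    findings.append(Finding("review", f"DNS server {addr} is outside RFC 1918 space", e))
        elif e.code == "O23":
            if e.body.endswith("(no file)"):
                findings.append(Finding("cleanup", "service points at a missing file", e))
            elif " - Unknown owner - " in e.body:
                findings.append(Finding("review", "service carries no vendor string", e))
        elif e.code == "R3" and e.body.endswith("(no file)"):
            findings.append(Finding("cleanup", "URLSearchHook points at a missing file", e))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"[{f.severity:7}] {f.entry.code}: {f.reason}\n          {f.entry.body}")
```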



#2 Buckeye_Sam

    Malware Expert


Posted 24 December 2007 - 09:32 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:
You should be able to follow these steps through your task manager, but let me know if you run into problems.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

#3 Tixylix

Tixylix
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:05 AM

Posted 24 December 2007 - 08:19 PM

ComboFix 07-12-21.4 - SHOLLAND 2007-12-25  9:19:20.2 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.2.1252.61.1033.18.464 [GMT 11:00]

Running from: C:\Documents and Settings\sholland\Desktop\ComboFix.exe

.



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.



C:\WINDOWS\system32\acbeg.ini

C:\WINDOWS\system32\acbeg.ini2

C:\WINDOWS\system32\gebca.dll



.

(((((((((((((((((((((((((   Files Created from 2007-11-25 to 2007-12-25  )))))))))))))))))))))))))))))))

.



2007-12-24 23:45 . 2007-12-24 23:46	11,333,632	--a------	C:\WINDOWS\cfgmng32 .exe

2007-12-24 23:07 . 2007-12-24 23:07	17	--a------	C:\stinger.opt

2007-12-24 22:37 . 2007-12-24 22:38	1,953,799	--a------	C:\stinger.exe

2007-12-24 21:26 . 2007-12-25 09:47	48,654	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k0

2007-12-24 21:26 . 2007-12-25 09:48	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k7

2007-12-24 21:26 . 2007-12-25 09:48	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k6

2007-12-24 21:26 . 2007-12-25 09:48	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k5

2007-12-24 21:26 . 2007-12-25 09:48	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k4

2007-12-24 21:26 . 2007-12-25 09:48	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k3

2007-12-24 21:26 . 2007-12-25 09:48	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k2

2007-12-24 21:26 . 2007-12-25 09:48	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k1

2007-12-24 21:05 . 2007-12-24 21:05	6	--a------	C:\WINDOWS\system32\mkghj.dll

2007-12-24 21:02 . 2007-12-24 22:10	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\CallingID

2007-12-24 21:00 . 2007-12-24 21:00	<DIR>	d--------	C:\Program Files\Common Files\Scanner

2007-12-24 21:00 . 2007-11-23 11:48	879,784	--a------	C:\WINDOWS\system32\drivers\vetefile.sys

2007-12-24 21:00 . 2007-11-23 11:48	108,312	--a------	C:\WINDOWS\system32\drivers\veteboot.sys

2007-12-24 21:00 . 2007-11-23 11:48	99,592	--a------	C:\WINDOWS\system32\isafeif.dll

2007-12-24 21:00 . 2007-11-23 11:48	91,400	--a------	C:\WINDOWS\system32\isafprod.dll

2007-12-24 21:00 . 2007-11-23 11:48	79,424	--a------	C:\WINDOWS\system32\vetredir.dll

2007-12-24 21:00 . 2007-11-23 11:48	32,264	--a------	C:\WINDOWS\system32\drivers\vetmonnt.sys

2007-12-24 21:00 . 2007-11-23 11:48	26,376	--a------	C:\WINDOWS\system32\drivers\vet-filt.sys

2007-12-24 21:00 . 2007-11-23 11:48	21,512	--a------	C:\WINDOWS\system32\drivers\vetfddnt.sys

2007-12-24 21:00 . 2007-11-23 11:48	21,128	--a------	C:\WINDOWS\system32\drivers\vet-rec.sys

2007-12-24 20:59 . 2007-12-25 09:10	11,825,152	--a------	C:\WINDOWS\cfgmng32.exe

2007-12-24 20:59 . 2007-12-24 20:59	2,732,032	--a------	C:\WINDOWS\system32\win32cpr.dll

2007-12-24 20:59 . 2007-11-14 12:26	1,830,912	--a------	C:\WINDOWS\system32\winsflte.dll

2007-12-24 20:59 . 2007-12-24 20:59	1,564,771	--a------	C:\WINDOWS\system32\winsflt.dll

2007-12-24 20:59 . 2007-11-14 12:34	1,212,416	--a------	C:\WINDOWS\system32\mdmcls32.exe

2007-12-24 20:59 . 2007-11-14 12:35	823,296	--a------	C:\WINDOWS\system32\svcprs32.exe

2007-12-24 20:58 . 2007-12-24 20:59	<DIR>	d--------	C:\WINDOWS\rnapxs

2007-12-24 20:58 . 2002-01-01 13:02	7,440	--a------	C:\WINDOWS\system32\sporder.dll

2007-12-24 20:52 . 2007-12-24 21:00	<DIR>	d--------	C:\Program Files\CA

2007-12-24 20:52 . 2007-12-24 21:20	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\CA

2007-12-24 18:19 . 2007-12-24 18:19	532,480	--a------	C:\cwshredder.exe

2007-12-24 18:09 . 2007-12-24 18:09	335,992	--a------	C:\Dial-a-fix-v0.60.0.24.zip

2007-12-24 17:49 . 2007-12-25 09:10	479,232	--a------	C:\WINDOWS\system32\gebca.exe

2007-12-24 17:49 . 2007-12-24 19:14	15,360	--a------	C:\WINDOWS\system32\ctfmon .exe

2007-12-24 16:07 . 2007-12-24 16:01	102,664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys

2007-12-24 16:01 . 2007-12-24 16:09	<DIR>	d--------	C:\Documents and Settings\sholland\.housecall6.6

2007-12-24 15:55 . 2007-12-24 15:55	<DIR>	d--------	C:\VundoFix Backups

2007-12-24 15:53 . 2007-12-24 15:53	132,608	--a------	C:\VundoFix.exe

2007-12-24 12:37 . 2007-12-24 12:37	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\Grisoft

2007-12-24 12:34 . 2007-12-24 12:34	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Grisoft

2007-12-24 12:34 . 2007-05-30 23:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-12-24 12:08 . 2007-12-24 11:43	12,413,440	--a------	C:\avgas-setup-7.5.1.43.exe

2007-12-24 11:38 . 2007-12-24 11:37	107,640	--a------	C:\OiUninstaller.exe

2007-12-24 11:33 . 2007-12-24 11:33	<DIR>	d--------	C:\Program Files\Trend Micro

2007-12-24 11:28 . 2007-12-24 11:29	812,344	--a------	C:\HJTInstall.exe

2007-12-24 11:22 . 2007-12-24 11:22	479,232	--a------	C:\WINDOWS\system32\RCX3D.tmp

2007-12-23 23:47 . 2007-12-23 23:47	<DIR>	d--------	C:\Program Files\IObit

2007-12-23 23:47 . 2007-12-24 00:03	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-23 22:29 . 2007-12-23 22:29	4	--a------	C:\WINDOWS\system32\wnsm2i.rdb

2007-12-23 20:56 . 2007-12-23 20:56	<DIR>	d--------	C:\Program Files\SpaceMonger

2007-12-23 20:56 . 2007-12-23 20:56	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\SpaceMonger

2007-12-22 22:09 . 2007-12-24 02:18	221,184	--a------	C:\WINDOWS\system32\LVCOMSX .EXE

2007-12-21 13:08 . 2007-12-24 11:08	<DIR>	d--------	C:\Program Files\Weather Watcher

2007-12-20 19:46 . 2007-12-20 19:46	<DIR>	d--------	C:\Program Files\Opera

2007-12-20 09:57 . 2007-12-20 10:20	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\U3

2007-12-18 16:27 . 2007-12-19 12:17	<DIR>	d--------	C:\Program Files\Azureus

2007-12-18 16:27 . 2007-12-24 21:11	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\Azureus

2007-12-18 16:27 . 2007-12-18 16:27	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Azureus

2007-12-18 13:53 . 2007-12-18 13:53	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\BitSpirit

2007-12-16 12:33 . 2007-12-16 12:33	<DIR>	d--------	C:\Program Files\Common Files\Control Panels

2007-12-14 21:16 . 2007-12-14 21:16	<DIR>	d--------	C:\Program Files\Jitbit

2007-12-14 21:16 . 2007-12-14 21:16	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\AutoText

2007-12-14 11:54 . 2007-12-14 11:54	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\FLEXnet

2007-12-14 11:24 . 2007-12-14 11:24	<DIR>	d--------	C:\Program Files\Bonjour

2007-12-14 10:59 . 2007-12-14 10:59	<DIR>	d--------	C:\Program Files\Common Files\Macrovision Shared

2007-12-11 10:29 . 2007-12-23 13:27	<DIR>	d--------	C:\Program Files\Titan Backup

2007-12-08 15:56 . 2007-12-08 15:56	<DIR>	d--------	C:\Program Files\Western Digital Technologies

2007-12-03 19:08 . 2007-12-03 19:08	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\Ulead Systems

2007-12-03 19:05 . 2007-12-03 19:05	<DIR>	d--------	C:\WINDOWS\system32\windows media

2007-12-03 19:05 . 2007-12-03 19:05	<DIR>	d--h-----	C:\WINDOWS\msdownld.tmp

2007-12-03 19:05 . 2007-12-03 19:05	<DIR>	d--------	C:\Program Files\Windows Media Components

2007-12-03 19:04 . 2007-12-03 19:04	<DIR>	d--------	C:\Program Files\Common Files\SONY Digital Images

2007-12-03 19:00 . 2007-12-03 19:00	<DIR>	d--------	C:\Program Files\Common Files\Ulead Systems

2007-12-03 19:00 . 2007-12-03 19:08	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Ulead Systems

2007-12-02 17:29 . 2007-12-02 21:25	<DIR>	d--------	C:\Program Files\MagicISO

2007-12-01 11:16 . 2007-12-01 11:16	<DIR>	d--------	C:\Program Files\Softomate

2007-12-01 11:16 . 2007-12-01 11:16	<DIR>	d--------	C:\cache

2007-11-28 23:00 . 2007-11-28 23:01	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\DemoCreator

2007-11-27 19:51 . 2007-11-27 19:51	<DIR>	d--------	C:\Program Files\Smart Install Maker

2007-11-25 23:14 . 2007-11-25 23:14	<DIR>	d--------	C:\Program Files\Real Alternative

2007-11-25 23:14 . 2007-11-25 23:14	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\Media Player Classic



.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-24 22:51	---------	d-----w	C:\Program Files\Symantec AntiVirus

2007-12-24 22:15	---------	d-----w	C:\Program Files\TextAloud

2007-12-24 22:10	---------	d-----w	C:\Program Files\Launch Manager

2007-12-24 10:05	---------	d--h--w	C:\Program Files\InstallShield Installation Information

2007-12-24 10:04	---------	d-----w	C:\Program Files\Common Files\InstallShield

2007-12-24 10:01	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard

2007-12-23 23:27	---------	d-----w	C:\Program Files\LIVEUPDATE

2007-12-23 23:03	---------	d-----w	C:\Program Files\QuickTime

2007-12-23 23:03	---------	d-----w	C:\Program Files\PaperCut NG Client

2007-12-23 23:02	---------	d-----w	C:\Program Files\Common Files\Symantec Shared

2007-12-23 11:42	---------	d-----w	C:\Program Files\iTunes

2007-12-23 11:41	---------	d-----w	C:\Program Files\MessengerPlus! 3

2007-12-23 04:18	---------	d-----w	C:\Program Files\Sony

2007-12-23 03:34	---------	d-----w	C:\Program Files\UBISOFT

2007-12-23 03:25	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help

2007-12-23 02:51	---------	d-----w	C:\Program Files\Mgboss

2007-12-22 05:52	---------	d-----w	C:\Program Files\Mozilla Thunderbird

2007-12-21 07:00	---------	d-----w	C:\Program Files\MSN-History

2007-12-20 09:16	---------	d-----w	C:\Program Files\Macromedia

2007-12-18 14:22	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP

2007-12-16 05:42	---------	d-----w	C:\Program Files\Paint.NET

2007-12-16 01:31	---------	d-----w	C:\Program Files\Common Files\Adobe

2007-12-04 05:15	---------	d-----w	C:\Program Files\Apple Software Update

2007-12-03 08:00	---------	d-----w	C:\Program Files\Ulead Systems

2007-12-01 10:40	---------	d-----w	C:\Program Files\Google

2007-12-01 07:23	---------	d-----w	C:\Program Files\iPod

2007-11-28 12:00	---------	d-----w	C:\Program Files\Wondershare

2007-11-27 07:43	---------	d-----w	C:\Documents and Settings\sholland\Application Data\Publish Providers

2007-11-24 10:57	---------	d-----w	C:\Program Files\Mozilla Sunbird

2007-11-19 10:34	---------	d-----w	C:\Program Files\Canon

2007-11-18 02:18	---------	d-----w	C:\Documents and Settings\sholland\Application Data\Screaming Bee

2007-11-18 02:18	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Screaming Bee

2007-11-18 02:15	---------	d-----w	C:\Program Files\Screaming Bee

2007-11-18 02:15	---------	d-----w	C:\Program Files\Common Files\Screaming Bee

2007-11-06 07:56	---------	d-----w	C:\Documents and Settings\All Users\Application Data\GRETECH

2007-11-06 07:55	---------	d-----w	C:\Documents and Settings\sholland\Application Data\GRETECH

2007-11-06 07:53	---------	d-----w	C:\Program Files\GRETECH

2007-11-02 07:05	---------	d-----w	C:\Program Files\A-one DVD Ripper

2007-11-02 01:09	65,552	----a-w	C:\WINDOWS\system32\drivers\KmxSbx.sys

2007-08-11 03:05	92,064	----a-w	C:\Documents and Settings\sholland\mqdmmdm.sys

2007-08-11 03:05	9,232	----a-w	C:\Documents and Settings\sholland\mqdmmdfl.sys

2007-08-11 03:05	79,328	----a-w	C:\Documents and Settings\sholland\mqdmserd.sys

2007-08-11 03:05	66,656	----a-w	C:\Documents and Settings\sholland\mqdmbus.sys

2007-08-11 03:05	6,208	----a-w	C:\Documents and Settings\sholland\mqdmcmnt.sys

2007-08-11 03:05	5,936	----a-w	C:\Documents and Settings\sholland\mqdmwhnt.sys

2007-08-11 03:05	4,048	----a-w	C:\Documents and Settings\sholland\mqdmcr.sys

2007-08-11 03:05	25,600	----a-w	C:\Documents and Settings\sholland\usbsermptxp.sys

2007-08-11 03:05	22,768	----a-w	C:\Documents and Settings\sholland\usbsermpt.sys

2006-08-05 07:20	0	-c--a-w	C:\Program Files\gditst

2006-06-23 04:05	128	----a-w	C:\Program Files\hummer1210.txt

2006-06-23 04:05	128	----a-w	C:\Program Files\hummer0707.txt

2006-06-23 04:05	128	----a-w	C:\Program Files\hummer050707.txt

2006-06-23 04:05	128	----a-w	C:\Program Files\hummer0203.txt

2004-11-22 00:42	34	-c--a-w	C:\Program Files\script.bat

2004-08-03 14:56	343,040	----a-w	C:\Program Files\mspaint.exe

2004-08-03 14:56	524	--sh--r	C:\WINDOWS\sscfgwin.sys

.



(((((((((((((((((((((((((((((   snapshot@2007-12-24_19.13.56.58   )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-12-24 10:04:16	8,854	----a-r	C:\WINDOWS\Installer\{084CC1A4-FC1B-4DE7-89BB-A367FC6208A6}\ARPPRODUCTICON.exe

+ 2007-12-24 10:06:51	10,134	----a-r	C:\WINDOWS\Installer\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}\ARPPRODUCTICON.exe

+ 2007-12-24 10:00:40	8,854	----a-r	C:\WINDOWS\Installer\{F05A5232-CE5E-4274-AB27-44EB8105898D}\ARPPRODUCTICON.exe

+ 2007-12-24 12:33:07	24,576	----a-w	C:\WINDOWS\rnapxs\CSDK\urlcache\domainNames.dat

+ 2007-12-24 22:45:44	204,800	----a-w	C:\WINDOWS\rnapxs\CSDK\urlcache\urlCacheDb.dat

+ 2007-12-24 09:59:39	30,720	--sha-w	C:\WINDOWS\rnapxs\rnapxs.dat

+ 2007-02-04 01:27:18	258,352	--s-a-r	C:\WINDOWS\system\unicows.dll

+ 2004-08-03 14:56:50	15,360	----a-w	C:\WINDOWS\system32\ctfmon.exe

+ 2007-05-18 02:30:00	61,960	----a-w	C:\WINDOWS\system32\drivers\KmxAgent.sys

+ 2007-10-17 23:24:46	134,672	----a-w	C:\WINDOWS\system32\drivers\KmxCF.sys

+ 2007-09-13 04:15:06	88,840	----a-w	C:\WINDOWS\system32\drivers\KmxCfg.sys

+ 2007-05-18 02:30:00	45,064	----a-w	C:\WINDOWS\system32\drivers\KmxFile.sys

+ 2007-10-18 03:21:02	114,704	----a-w	C:\WINDOWS\system32\drivers\KmxFw.sys

+ 2007-10-17 23:24:46	93,712	----a-w	C:\WINDOWS\system32\drivers\KmxStart.sys

+ 2007-08-01 22:09:40	117,264	----a-w	C:\WINDOWS\system32\UmxSbxExw.dll

+ 2007-08-01 22:09:40	256,528	----a-w	C:\WINDOWS\system32\UmxSbxw.dll

+ 2007-05-18 02:30:00	79,368	----a-w	C:\WINDOWS\system32\UmxWNP.dll

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20AC61B1-19AE-4111-B219-909811AFDC07}]

2007-12-25 11:46	365056	--a------	C:\WINDOWS\system32\gebca.dll



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]

"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" []



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:32]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32]

"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-04 01:56 C:\WINDOWS\system32\rundll32.exe]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" []

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []

"SoundMan"="SOUNDMAN.EXE" [2004-05-14 18:47 C:\WINDOWS\SOUNDMAN.EXE]

"AGRSMMSG"="AGRSMMSG.exe" [2003-11-19 03:41 C:\WINDOWS\AGRSMMSG.exe]

"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2007-12-25 11:49]

"EPM-DM"="c:\acer\epm\epm-dm.exe" []

"ePowerManagement"="C:\Acer\ePM\ePM.exe" []

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" []

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" []

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" []

"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" []

"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" []

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" []

"PaperCut NG Client"="C:\Program Files\PaperCut NG Client\pc-client.exe" []

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" []

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []

"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-12-25 11:50]

"dvHighMem"="C:\WINDOWS\cfgmng32.exe" [2007-12-25 11:51]

"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-12-25 11:51]

"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader.exe" [2007-12-25 11:52]

"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2007-11-22 15:47]

"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2007-11-22 15:47]

"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2007-11-22 15:47]



C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

PASPortal.lnk - C:\WINDOWS\Installer\{53CBBD51-88E8-44AD-9F3F-D072743E835E}\NewShortcut1.exe [2004-12-07 12:51:06]



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideStartupScripts"= 0 (0x0)
"RunLogonScriptSync"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)
"NoLogOff"= 0 (0x0)
"NoSecurityTab"= 1 (0x1)
"NoUserNameInStartMenu"= 01000000
"ForceStartMenuLogOff"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= mstsc.exe
"2"= StyleXPInstallFemale.exe
"3"= StyleXPInstallMale.exe
"4"= StyleXPUpdate.exe
"5"= P2P Networking.exe
"6"= kmd.exe
"7"= kazaa.exe
"8"= netmsg.exe
"9"= conf.exe
"10"= Network Messenger.exe
"11"= elma.exe
"12"= logonstudio.exe
"15"= StyleXPinstall.exe
"16"= firefly.exe
"17"= msgr.exe
"18"= bosskey.exe
"19"= imeshclient.exe
"20"= iMeshV4.exe
"21"= ObjectDock.exe
"22"= kpp.exe
"23"= klrun.exe
"24"= warez.exe
"25"= limewire.exe
"26"= limewir.exe
"27"= LimeWireWin.exe
"28"= xxx.exe
"29"= beareshare.exe
"30"= bsinstall.exe
"31"= bsproinstall.exe
"32"= xxx2.exe
"33"= msnmsgr.exe
"34"= msgr.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [2007-10-15 21:40 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efedc]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 16:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-05-18 13:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyayay]
xxyayay.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\gebca.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 C:\WINDOWS\system32\gebca



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-23 22:42	835584	--a------	C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2006-12-28 10:24	20480	--a------	C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2007-12-23 22:41	962560	--a------	C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 16:14	217088	--a------	C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2007-12-23 22:41	708608	--a------	C:\Program Files\MessengerPlus! 3\MsgPlus.exe



R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2007-10-18 10:24]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2007-05-18 13:30]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2007-05-18 13:30]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2007-10-18 14:21]
R1 LADriver;LADriver;C:\WINDOWS\system32\drivers\LADriver.sys [2005-09-22 05:12]
R1 LDDriver;LDDriver;C:\WINDOWS\system32\drivers\LDDriver.sys [2005-09-22 04:17]
R1 LHDriver;LHDriver;C:\WINDOWS\system32\drivers\LHDriver.sys [2005-09-22 05:21]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-18 00:57]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2004-08-14 20:59]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2007-10-18 10:24]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2007-11-02 12:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 12:55]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-06-01 11:50]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 11:50]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys [2002-11-20 19:29]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2007-09-13 15:15]
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-04-17 15:00]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-11-14 18:30]
R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-04 10:07]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 PASCO;PASCO PASPORT USB Driver (PSSensor.sys);C:\WINDOWS\system32\Drivers\PSSensor.sys [2002-07-17 08:29]
S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\sholland\LOCALS~1\Temp\iMSPCLOj.sys []
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2007-03-07 22:44]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b22dc040-93a8-11db-9c99-000e359e5564}]
\Shell\AutoRun\command - G:\Launcher.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 08:29:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-24 10:01:01 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as SHOLLAND at 21 01.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2006-10-10 23:21:20 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 11:45:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\acbeg.ini 319 bytes
C:\WINDOWS\system32\acbeg.ini2 319 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
Completion time: 2007-12-25 12:00:18 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-24 19:20
.
2007-11-19 02:04:24	--- E O F ---
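The log above shows the places this infection has hooked itself in: an LSA "Authentication Packages" value naming a second package next to msv1_0 (C:\WINDOWS\system32\gebca, which LSA loads when it starts), two Winlogon\Notify keys (efedc, xxyayay) for which ComboFix lists no resolvable DLL, the legacy HKCU ...\Windows NT\CurrentVersion\Windows "load" value pointing at gebca.exe, a Run entry ("dvHighMem") launching cfgmng32.exe straight out of C:\WINDOWS, and a DisallowRun policy list that blocks mstsc.exe along with a set of P2P clients. The script below is an added example, not part of this thread and not ComboFix's code: it parses a ComboFix-style "Reg Loading Points" dump and flags those patterns. SAMPLE_LOG is constructed in ComboFix's layout from entries in the log above, trimmed to a few lines with some benign ones kept as controls; the finding categories and heuristics are this example's own choices.

```python
"""Triage a ComboFix 'Reg Loading Points' dump for persistence tricks.

Added example for the log above; not part of ComboFix. Finding categories
and heuristics are this example's own choices.
"""
import re
from typing import List, Tuple

# Constructed sample in ComboFix's layout, cut down to the entries the thread
# turns on plus a few benign lines (SoundMan, cctray, LMIinit) as controls.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 18:47 C:\WINDOWS\SOUNDMAN.EXE]
"dvHighMem"="C:\WINDOWS\cfgmng32.exe" [2007-12-25 11:51]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-12-25 11:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= mstsc.exe
"7"= kazaa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efedc]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 16:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyayay]
xxyayay.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\gebca.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ    msv1_0 C:\WINDOWS\system32\gebca
"""

Finding = Tuple[str, str]  # (category, detail)


def parse_sections(text: str) -> List[Tuple[str, List[str]]]:
    """Group non-blank lines under the [key] heading that precedes them."""
    sections = []
    key, body = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            if key is not None:
                sections.append((key, body))
            key, body = line[1:-1], []
        elif line and key is not None:
            body.append(line)
    if key is not None:
        sections.append((key, body))
    return sections


def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for key, body in parse_sections(text):
        lk = key.lower()
        if lk.endswith("\\control\\lsa"):
            for line in body:
                # ComboFix separates the columns with tabs; \s+ also accepts spaces.
                m = re.match(r"authentication packages\s+reg_multi_sz\s+(.*)$", line, re.I)
                if m:
                    extra = [p for p in m.group(1).split() if p.lower() != "msv1_0"]
                    if extra:
                        findings.append(("lsa_auth_package", " ".join(extra)))
        elif "\\winlogon\\notify\\" in lk:
            # Genuine notify packages are listed with date, size and full path;
            # an empty key or a bare filename means ComboFix found no such DLL.
            if not body or not re.search(r"[A-Za-z]:\\", body[0]):
                findings.append(("winlogon_notify", key.rsplit("\\", 1)[1]))
        elif lk.endswith("\\windows nt\\currentversion\\windows"):
            for line in body:
                if line.lower().startswith('"load"='):
                    findings.append(("load_value", line.split("=", 1)[1]))
        elif lk.endswith("\\currentversion\\run"):
            for line in body:
                m = re.match(r'"([^"]+)"="([^"]+)"', line)
                if not m:
                    continue
                name, path = m.groups()
                low = path.lower()
                # Executables dropped straight into C:\WINDOWS. OEM tools live
                # there too (SOUNDMAN.EXE, AGRSMMSG.exe in this log), so this is
                # a prompt for review, not a verdict.
                if low.startswith("c:\\windows\\") and low.count("\\") == 2:
                    findings.append(("run_windows_root", f"{name} -> {path}"))
                # 'name .exe' companion files, as in the CFScript's "cfgmng32 .exe".
                if re.search(r"\s\.[a-z]{3}$", low):
                    findings.append(("run_space_before_ext", f"{name} -> {path}"))
        elif lk.endswith("\\policies\\explorer\\disallowrun"):
            blocked = [line.split("=", 1)[1].strip() for line in body if "=" in line]
            if blocked:
                findings.append(("disallowrun", ", ".join(blocked)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:22} {detail}")
```

Run against the sample it reports the six entries the CFScript in the next post goes after (the Run value, the policy list, both notify keys, the load value and the LSA package) and stays quiet on LMIinit, cctray and SoundMan. The Windows-root check is deliberately loose; on this machine it would also raise the two OEM tray programs if they were listed with full paths, which is why the output is meant to be read, not acted on blindly.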


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:05 AM

Posted 25 December 2007 - 01:20 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, to your desktop.


Folder::
C:\VundoFix Backups

File::
C:\WINDOWS\cfgmng32 .exe
C:\WINDOWS\system32\mkghj.dll
C:\WINDOWS\cfgmng32.exe
C:\WINDOWS\system32\gebca.exe
C:\WINDOWS\system32\ctfmon .exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20AC61B1-19AE-4111-B219-909811AFDC07}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dvHighMem"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efedc]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyayay]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
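The last Registry:: line in the script above writes "Authentication Packages" back as hex(7):6d,73,76,31,5f,30,00,00. That is a REG_MULTI_SZ in REGEDIT4 form (matching the REGEDIT4 header in the ComboFix log): one byte per character, each string NUL-terminated, and one more NUL closing the list, so the literal decodes to exactly one package, msv1_0, and drops the C:\WINDOWS\system32\gebca entry that LSA would otherwise load at startup. The helper below is an added example, not ComboFix's or the poster's code, that encodes and decodes such literals so a fix line can be checked before it is dropped on ComboFix. It assumes the single-byte encoding the script uses (not the UTF-16LE of "Windows Registry Editor Version 5.00" files) and that msv1_0 is the only legitimate package on this machine; the function names are this example's own.

```python
"""Encode/decode REGEDIT4-style hex(7) REG_MULTI_SZ literals.

Added example for the CFScript above; not ComboFix's code. Assumes the
single-byte (ANSI/REGEDIT4) encoding that the script's literal uses, not
the UTF-16LE form of 'Windows Registry Editor Version 5.00' files.
"""
from typing import List, Sequence

ENCODING = "latin-1"  # one byte per character, as in the literal on the page


def multi_sz_to_hex7(strings: Sequence[str]) -> str:
    """Each string is NUL-terminated; one more NUL closes the list."""
    if not strings:
        raise ValueError("refusing to encode an empty REG_MULTI_SZ")
    for s in strings:
        if not s:
            raise ValueError("an empty string would terminate the list early")
    data = b"".join(s.encode(ENCODING) + b"\x00" for s in strings) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in data)


def hex7_to_multi_sz(literal: str) -> List[str]:
    """Inverse of multi_sz_to_hex7; tolerates .reg-style '\\' line continuations."""
    prefix = "hex(7):"
    if not literal.lower().startswith(prefix):
        raise ValueError("not a hex(7) literal")
    body = literal[len(prefix):].replace("\\\n", "").replace(" ", "")
    data = bytes(int(h, 16) for h in body.split(",") if h)
    if not data.endswith(b"\x00\x00"):
        raise ValueError("REG_MULTI_SZ must end with a double NUL")
    payload = data[:-2]
    return [s.decode(ENCODING) for s in payload.split(b"\x00")] if payload else []


def drop_foreign_packages(current: Sequence[str], allowed=("msv1_0",)) -> List[str]:
    """Keep only allow-listed packages, preserving their order.

    The allow-list is an assumption for this XP box; other systems may
    legitimately register additional authentication packages.
    """
    keep = {a.lower() for a in allowed}
    return [p for p in current if p.lower() in keep]


def cfscript_registry_fix(key: str, value_name: str, strings: Sequence[str]) -> str:
    """Render the Registry:: stanza that rewrites a REG_MULTI_SZ value."""
    return "\n".join(["Registry::", f"[{key}]",
                      f'"{value_name}"={multi_sz_to_hex7(strings)}'])


if __name__ == "__main__":
    # Value as shown in the ComboFix log above, then cleaned.
    hijacked = ["msv1_0", r"C:\WINDOWS\system32\gebca"]
    cleaned = drop_foreign_packages(hijacked)
    print(cfscript_registry_fix(r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa",
                                "Authentication Packages", cleaned))
    print("decodes to:", hex7_to_multi_sz("hex(7):6d,73,76,31,5f,30,00,00"))
```

Round-tripping the hijacked value through multi_sz_to_hex7 and back shows why the bytes matter: a literal missing the final 00 would not be a valid list terminator, and one built in UTF-16 would be twice as long and read as garbage by a REGEDIT4-style import.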


========================================================

#5 Tixylix

Tixylix
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:05 AM

Posted 26 December 2007 - 12:51 AM

ComboFix.txt - Located in my C Drive, I think this is what you meant:

ComboFix 07-12-21.4 - SHOLLAND 2007-12-26 10:37:34.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.447 [GMT 11:00]
Running from: C:\Documents and Settings\sholland\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\sholland\Desktop\CFScript.txt
 * Created a new restore point

FILE
C:\WINDOWS\cfgmng32 .exe
C:\WINDOWS\cfgmng32.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\gebca.exe
C:\WINDOWS\system32\mkghj.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\acbeg.ini.bad
C:\VundoFix Backups\acbeg.ini2.bad
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\gebca.dll.bad
C:\VundoFix Backups\gebca.exe.bad
C:\VundoFix Backups\uninstall.exe.bad
C:\WINDOWS\cfgmng32 .exe
C:\WINDOWS\cfgmng32.exe
C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini2
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\gebca.exe
C:\WINDOWS\system32\mkghj.dll

.
(((((((((((((((((((((((((   Files Created from 2007-11-26 to 2007-12-26  )))))))))))))))))))))))))))))))
.

2007-12-25 20:08 . 2007-12-25 20:08	0	--a------	C:\WINDOWS\system32\access.tmp
2007-12-25 11:48 . 2004-08-03 23:32	455,168	--a--c---	C:\WINDOWS\system32\dllcache\tintsetp.exe
2007-12-24 23:07 . 2007-12-24 23:07	17	--a------	C:\stinger.opt
2007-12-24 22:37 . 2007-12-24 22:38	1,953,799	--a------	C:\stinger.exe
2007-12-24 21:26 . 2007-12-26 11:05	56,030	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-12-24 21:26 . 2007-12-26 11:05	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-12-24 21:26 . 2007-12-26 11:05	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-12-24 21:26 . 2007-12-26 11:05	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-12-24 21:26 . 2007-12-26 11:05	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-12-24 21:26 . 2007-12-26 11:05	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-12-24 21:26 . 2007-12-26 11:05	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-12-24 21:26 . 2007-12-26 11:05	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-12-24 21:02 . 2007-12-24 22:10	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\CallingID
2007-12-24 21:00 . 2007-12-24 21:00	<DIR>	d--------	C:\Program Files\Common Files\Scanner
2007-12-24 21:00 . 2007-11-23 11:48	879,784	--a------	C:\WINDOWS\system32\drivers\vetefile.sys
2007-12-24 21:00 . 2007-11-23 11:48	108,312	--a------	C:\WINDOWS\system32\drivers\veteboot.sys
2007-12-24 21:00 . 2007-11-23 11:48	99,592	--a------	C:\WINDOWS\system32\isafeif.dll
2007-12-24 21:00 . 2007-11-23 11:48	91,400	--a------	C:\WINDOWS\system32\isafprod.dll
2007-12-24 21:00 . 2007-11-23 11:48	79,424	--a------	C:\WINDOWS\system32\vetredir.dll
2007-12-24 21:00 . 2007-11-23 11:48	32,264	--a------	C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-12-24 21:00 . 2007-11-23 11:48	26,376	--a------	C:\WINDOWS\system32\drivers\vet-filt.sys
2007-12-24 21:00 . 2007-11-23 11:48	21,512	--a------	C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-12-24 21:00 . 2007-11-23 11:48	21,128	--a------	C:\WINDOWS\system32\drivers\vet-rec.sys
2007-12-24 20:59 . 2007-12-24 20:59	2,732,032	--a------	C:\WINDOWS\system32\win32cpr.dll
2007-12-24 20:59 . 2007-11-14 12:26	1,830,912	--a------	C:\WINDOWS\system32\winsflte.dll
2007-12-24 20:59 . 2007-12-24 20:59	1,564,771	--a------	C:\WINDOWS\system32\winsflt.dll
2007-12-24 20:59 . 2007-11-14 12:34	1,212,416	--a------	C:\WINDOWS\system32\mdmcls32.exe
2007-12-24 20:59 . 2007-11-14 12:35	823,296	--a------	C:\WINDOWS\system32\svcprs32.exe
2007-12-24 20:58 . 2007-12-24 20:59	<DIR>	d--------	C:\WINDOWS\rnapxs
2007-12-24 20:58 . 2002-01-01 13:02	7,440	--a------	C:\WINDOWS\system32\sporder.dll
2007-12-24 20:52 . 2007-12-24 21:00	<DIR>	d--------	C:\Program Files\CA
2007-12-24 20:52 . 2007-12-24 21:20	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\CA
2007-12-24 18:19 . 2007-12-24 18:19	532,480	--a------	C:\cwshredder.exe
2007-12-24 18:09 . 2007-12-24 18:09	335,992	--a------	C:\Dial-a-fix-v0.60.0.24.zip
2007-12-24 16:07 . 2007-12-24 16:01	102,664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-24 16:01 . 2007-12-24 16:09	<DIR>	d--------	C:\Documents and Settings\sholland\.housecall6.6
2007-12-24 15:53 . 2007-12-24 15:53	132,608	--a------	C:\VundoFix.exe
2007-12-24 12:37 . 2007-12-24 12:37	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\Grisoft
2007-12-24 12:34 . 2007-12-24 12:34	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 12:34 . 2007-05-30 23:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-24 12:08 . 2007-12-24 11:43	12,413,440	--a------	C:\avgas-setup-7.5.1.43.exe
2007-12-24 11:38 . 2007-12-24 11:37	107,640	--a------	C:\OiUninstaller.exe
2007-12-24 11:33 . 2007-12-24 11:33	<DIR>	d--------	C:\Program Files\Trend Micro
2007-12-24 11:28 . 2007-12-24 11:29	812,344	--a------	C:\HJTInstall.exe
2007-12-24 11:22 . 2007-12-24 11:22	479,232	--a------	C:\WINDOWS\system32\RCX3D.tmp
2007-12-23 23:47 . 2007-12-23 23:47	<DIR>	d--------	C:\Program Files\IObit
2007-12-23 23:47 . 2007-12-24 00:03	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-23 22:29 . 2007-12-23 22:29	4	--a------	C:\WINDOWS\system32\wnsm2i.rdb
2007-12-23 20:56 . 2007-12-23 20:56	<DIR>	d--------	C:\Program Files\SpaceMonger
2007-12-23 20:56 . 2007-12-23 20:56	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\SpaceMonger
2007-12-22 22:09 . 2007-12-24 02:18	221,184	--a------	C:\WINDOWS\system32\LVCOMSX .EXE
2007-12-21 13:08 . 2007-12-24 11:08	<DIR>	d--------	C:\Program Files\Weather Watcher
2007-12-20 19:46 . 2007-12-20 19:46	<DIR>	d--------	C:\Program Files\Opera
2007-12-20 09:57 . 2007-12-20 10:20	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\U3
2007-12-18 16:27 . 2007-12-19 12:17	<DIR>	d--------	C:\Program Files\Azureus
2007-12-18 16:27 . 2007-12-24 21:11	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\Azureus
2007-12-18 16:27 . 2007-12-18 16:27	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-18 13:53 . 2007-12-18 13:53	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\BitSpirit
2007-12-16 12:33 . 2007-12-16 12:33	<DIR>	d--------	C:\Program Files\Common Files\Control Panels
2007-12-14 21:16 . 2007-12-14 21:16	<DIR>	d--------	C:\Program Files\Jitbit
2007-12-14 21:16 . 2007-12-14 21:16	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\AutoText
2007-12-14 11:54 . 2007-12-14 11:54	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-14 11:24 . 2007-12-14 11:24	<DIR>	d--------	C:\Program Files\Bonjour
2007-12-14 10:59 . 2007-12-14 10:59	<DIR>	d--------	C:\Program Files\Common Files\Macrovision Shared
2007-12-11 10:29 . 2007-12-23 13:27	<DIR>	d--------	C:\Program Files\Titan Backup
2007-12-08 15:56 . 2007-12-08 15:56	<DIR>	d--------	C:\Program Files\Western Digital Technologies
2007-12-03 19:08 . 2007-12-03 19:08	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\Ulead Systems
2007-12-03 19:05 . 2007-12-03 19:05	<DIR>	d--------	C:\WINDOWS\system32\windows media
2007-12-03 19:05 . 2007-12-03 19:05	<DIR>	d--h-----	C:\WINDOWS\msdownld.tmp
2007-12-03 19:05 . 2007-12-03 19:05	<DIR>	d--------	C:\Program Files\Windows Media Components
2007-12-03 19:04 . 2007-12-03 19:04	<DIR>	d--------	C:\Program Files\Common Files\SONY Digital Images
2007-12-03 19:00 . 2007-12-03 19:00	<DIR>	d--------	C:\Program Files\Common Files\Ulead Systems
2007-12-03 19:00 . 2007-12-03 19:08	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-02 17:29 . 2007-12-02 21:25	<DIR>	d--------	C:\Program Files\MagicISO
2007-12-01 11:16 . 2007-12-01 11:16	<DIR>	d--------	C:\Program Files\Softomate
2007-12-01 11:16 . 2007-12-01 11:16	<DIR>	d--------	C:\cache
2007-11-28 23:00 . 2007-11-28 23:01	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\DemoCreator
2007-11-27 19:51 . 2007-11-27 19:51	<DIR>	d--------	C:\Program Files\Smart Install Maker

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 00:09	---------	d-----w	C:\Program Files\Symantec AntiVirus
2007-12-25 23:17	---------	d-----w	C:\Program Files\TextAloud
2007-12-25 23:16	---------	d-----w	C:\Program Files\Launch Manager
2007-12-24 10:05	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-12-24 10:04	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-12-24 10:01	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2007-12-23 23:27	---------	d-----w	C:\Program Files\LIVEUPDATE
2007-12-23 23:03	---------	d-----w	C:\Program Files\QuickTime
2007-12-23 23:03	---------	d-----w	C:\Program Files\PaperCut NG Client
2007-12-23 23:02	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2007-12-23 11:42	---------	d-----w	C:\Program Files\iTunes
2007-12-23 11:41	---------	d-----w	C:\Program Files\MessengerPlus! 3
2007-12-23 04:18	---------	d-----w	C:\Program Files\Sony
2007-12-23 03:34	---------	d-----w	C:\Program Files\UBISOFT
2007-12-23 03:25	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-23 02:51	---------	d-----w	C:\Program Files\Mgboss
2007-12-22 05:52	---------	d-----w	C:\Program Files\Mozilla Thunderbird
2007-12-21 07:00	---------	d-----w	C:\Program Files\MSN-History
2007-12-20 09:16	---------	d-----w	C:\Program Files\Macromedia
2007-12-18 14:22	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-16 05:42	---------	d-----w	C:\Program Files\Paint.NET
2007-12-16 01:31	---------	d-----w	C:\Program Files\Common Files\Adobe
2007-12-04 05:15	---------	d-----w	C:\Program Files\Apple Software Update
2007-12-03 08:00	---------	d-----w	C:\Program Files\Ulead Systems
2007-12-01 10:40	---------	d-----w	C:\Program Files\Google
2007-12-01 07:23	---------	d-----w	C:\Program Files\iPod
2007-11-28 12:00	---------	d-----w	C:\Program Files\Wondershare
2007-11-27 07:43	---------	d-----w	C:\Documents and Settings\sholland\Application Data\Publish Providers
2007-11-25 12:14	---------	d-----w	C:\Program Files\Real Alternative
2007-11-25 12:14	---------	d-----w	C:\Documents and Settings\sholland\Application Data\Media Player Classic
2007-11-24 10:57	---------	d-----w	C:\Program Files\Mozilla Sunbird
2007-11-19 10:34	---------	d-----w	C:\Program Files\Canon
2007-11-18 02:18	---------	d-----w	C:\Documents and Settings\sholland\Application Data\Screaming Bee
2007-11-18 02:18	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Screaming Bee
2007-11-18 02:15	---------	d-----w	C:\Program Files\Screaming Bee
2007-11-18 02:15	---------	d-----w	C:\Program Files\Common Files\Screaming Bee
2007-11-06 07:56	---------	d-----w	C:\Documents and Settings\All Users\Application Data\GRETECH
2007-11-06 07:55	---------	d-----w	C:\Documents and Settings\sholland\Application Data\GRETECH
2007-11-06 07:53	---------	d-----w	C:\Program Files\GRETECH
2007-11-02 07:05	---------	d-----w	C:\Program Files\A-one DVD Ripper
2007-11-02 01:09	65,552	----a-w	C:\WINDOWS\system32\drivers\KmxSbx.sys
2007-08-11 03:05	92,064	----a-w	C:\Documents and Settings\sholland\mqdmmdm.sys
2007-08-11 03:05	9,232	----a-w	C:\Documents and Settings\sholland\mqdmmdfl.sys
2007-08-11 03:05	79,328	----a-w	C:\Documents and Settings\sholland\mqdmserd.sys
2007-08-11 03:05	66,656	----a-w	C:\Documents and Settings\sholland\mqdmbus.sys
2007-08-11 03:05	6,208	----a-w	C:\Documents and Settings\sholland\mqdmcmnt.sys
2007-08-11 03:05	5,936	----a-w	C:\Documents and Settings\sholland\mqdmwhnt.sys
2007-08-11 03:05	4,048	----a-w	C:\Documents and Settings\sholland\mqdmcr.sys
2007-08-11 03:05	25,600	----a-w	C:\Documents and Settings\sholland\usbsermptxp.sys
2007-08-11 03:05	22,768	----a-w	C:\Documents and Settings\sholland\usbsermpt.sys
2006-08-05 07:20	0	-c--a-w	C:\Program Files\gditst
2006-06-23 04:05	128	----a-w	C:\Program Files\hummer1210.txt
2006-06-23 04:05	128	----a-w	C:\Program Files\hummer0707.txt
2006-06-23 04:05	128	----a-w	C:\Program Files\hummer050707.txt
2006-06-23 04:05	128	----a-w	C:\Program Files\hummer0203.txt
2004-11-22 00:42	34	-c--a-w	C:\Program Files\script.bat
2004-08-03 14:56	343,040	----a-w	C:\Program Files\mspaint.exe
2004-08-03 14:56	524	--sh--r	C:\WINDOWS\sscfgwin.sys
.

(((((((((((((((((((((((((((((   snapshot@2007-12-24_19.13.56.58   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-24 10:04:16	8,854	----a-r	C:\WINDOWS\Installer\{084CC1A4-FC1B-4DE7-89BB-A367FC6208A6}\ARPPRODUCTICON.exe
+ 2007-12-24 10:06:51	10,134	----a-r	C:\WINDOWS\Installer\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}\ARPPRODUCTICON.exe
+ 2007-12-24 10:00:40	8,854	----a-r	C:\WINDOWS\Installer\{F05A5232-CE5E-4274-AB27-44EB8105898D}\ARPPRODUCTICON.exe
+ 2007-12-26 00:01:23	36,864	----a-w	C:\WINDOWS\rnapxs\CSDK\urlcache\domainNames.dat
+ 2007-12-26 00:01:23	303,104	----a-w	C:\WINDOWS\rnapxs\CSDK\urlcache\urlCacheDb.dat
+ 2007-12-24 09:59:39	30,720	--sha-w	C:\WINDOWS\rnapxs\rnapxs.dat
+ 2007-02-04 01:27:18	258,352	--s-a-r	C:\WINDOWS\system\unicows.dll
+ 2004-08-03 14:56:50	15,360	----a-w	C:\WINDOWS\system32\ctfmon.exe
+ 2007-05-18 02:30:00	61,960	----a-w	C:\WINDOWS\system32\drivers\KmxAgent.sys
+ 2007-10-17 23:24:46	134,672	----a-w	C:\WINDOWS\system32\drivers\KmxCF.sys
+ 2007-09-13 04:15:06	88,840	----a-w	C:\WINDOWS\system32\drivers\KmxCfg.sys
+ 2007-05-18 02:30:00	45,064	----a-w	C:\WINDOWS\system32\drivers\KmxFile.sys
+ 2007-10-18 03:21:02	114,704	----a-w	C:\WINDOWS\system32\drivers\KmxFw.sys
+ 2007-10-17 23:24:46	93,712	----a-w	C:\WINDOWS\system32\drivers\KmxStart.sys
+ 2007-08-01 22:09:40	117,264	----a-w	C:\WINDOWS\system32\UmxSbxExw.dll
+ 2007-08-01 22:09:40	256,528	----a-w	C:\WINDOWS\system32\UmxSbxw.dll
+ 2007-05-18 02:30:00	79,368	----a-w	C:\WINDOWS\system32\UmxWNP.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD659B28-129C-4DDD-A35C-911FB7DC8949}]
2007-12-26 11:31	365056	--a------	C:\WINDOWS\system32\gebca.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:32]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-04 01:56 C:\WINDOWS\system32\rundll32.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 18:47 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-19 03:41 C:\WINDOWS\AGRSMMSG.exe]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2007-12-26 11:34]
"EPM-DM"="c:\acer\epm\epm-dm.exe" []
"ePowerManagement"="C:\Acer\ePM\ePM.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" []
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" []
"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" []
"PaperCut NG Client"="C:\Program Files\PaperCut NG Client\pc-client.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-12-26 11:34]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-12-26 11:34]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader.exe" [2007-12-26 10:16]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" []
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2007-11-22 15:47]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2007-11-22 15:47]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
PASPortal.lnk - C:\WINDOWS\Installer\{53CBBD51-88E8-44AD-9F3F-D072743E835E}\NewShortcut1.exe [2004-12-07 12:51:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideStartupScripts"= 0 (0x0)
"RunLogonScriptSync"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)
"NoLogOff"= 0 (0x0)
"NoSecurityTab"= 1 (0x1)
"NoUserNameInStartMenu"= 01000000
"ForceStartMenuLogOff"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= mstsc.exe
"2"= StyleXPInstallFemale.exe
"3"= StyleXPInstallMale.exe
"4"= StyleXPUpdate.exe
"5"= P2P Networking.exe
"6"= kmd.exe
"7"= kazaa.exe
"8"= netmsg.exe
"9"= conf.exe
"10"= Network Messenger.exe
"11"= elma.exe
"12"= logonstudio.exe
"15"= StyleXPinstall.exe
"16"= firefly.exe
"17"= msgr.exe
"18"= bosskey.exe
"19"= imeshclient.exe
"20"= iMeshV4.exe
"21"= ObjectDock.exe
"22"= kpp.exe
"23"= klrun.exe
"24"= warez.exe
"25"= limewire.exe
"26"= limewir.exe
"27"= LimeWireWin.exe
"28"= xxx.exe
"29"= beareshare.exe
"30"= bsinstall.exe
"31"= bsproinstall.exe
"32"= xxx2.exe
"33"= msnmsgr.exe
"34"= msgr.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [2007-10-15 21:40 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 16:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-05-18 13:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\gebca.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 C:\WINDOWS\system32\gebca

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-23 22:42	835584	--a------	C:\Program Files\iTunes\iTunesHelper.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2006-12-28 10:24	20480	--a------	C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
			C:\Program Files\Logitech\Video\ManifestEngine.exe boot
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2007-12-23 22:41	962560	--a------	C:\Program Files\Logitech\Video\ISStart.exe 
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 16:14	217088	--a------	C:\Program Files\Logitech\Video\LogiTray.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2007-12-23 22:41	708608	--a------	C:\Program Files\MessengerPlus! 3\MsgPlus.exe

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2007-10-18 10:24]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2007-05-18 13:30]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2007-05-18 13:30]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2007-10-18 14:21]
R1 LADriver;LADriver;C:\WINDOWS\system32\drivers\LADriver.sys [2005-09-22 05:12]
R1 LDDriver;LDDriver;C:\WINDOWS\system32\drivers\LDDriver.sys [2005-09-22 04:17]
R1 LHDriver;LHDriver;C:\WINDOWS\system32\drivers\LHDriver.sys [2005-09-22 05:21]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-18 00:57]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2004-08-14 20:59]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2007-10-18 10:24]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2007-11-02 12:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 12:55]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-06-01 11:50]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 11:50]
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-18 10:24]
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 10:24]
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2007-05-18 13:30]
R2 WinSvchostManager;WinSock Svchost Manager;C:\WINDOWS\system32\svcprs32.exe [2007-11-14 12:35]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys [2002-11-20 19:29]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2007-09-13 15:15]
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-04-17 15:00]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-11-14 18:30]
R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-04 10:07]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 PASCO;PASCO PASPORT USB Driver (PSSensor.sys);C:\WINDOWS\system32\Drivers\PSSensor.sys [2002-07-17 08:29]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\sholland\LOCALS~1\Temp\iMSPCLOj.sys []
S3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-11-22 15:37]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2007-03-07 22:44]
S3 USB11LDR;USB Midi 1x1 Loader;C:\WINDOWS\system32\drivers\usb11ldr.sys [2002-09-25 16:02]
S3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;C:\WINDOWS\system32\drivers\usbmidim.sys [2002-09-25 16:02]
S3 USBMM1X1;USB Midi 1x1 USB Driver;C:\WINDOWS\system32\drivers\usbmm1x1.sys [2002-09-25 16:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b22dc040-93a8-11db-9c99-000e359e5564}]
\Shell\AutoRun\command - G:\Launcher.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 08:29:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-25 11:09:36 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as SHOLLAND at 21 01.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2006-10-10 23:21:20 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 11:30:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

C:\WINDOWS\system32\gebca.dll 0 bytes
C:\WINDOWS\system32\acbeg.ini 319 bytes
C:\WINDOWS\system32\acbeg.ini2 319 bytes

scan completed successfully 
hidden files: 3 

**************************************************************************
.
Completion time: 2007-12-26 11:42:23 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-25 12:00
C:\ComboFix3.txt ... 2007-12-24 19:20
.
2007-11-19 02:04:24	--- E O F ---

New HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49, on 2007-12-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DataStudio\PASPortal.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\gebca.exe
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtZgAcer.EXE"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [PaperCut NG Client] C:\Program Files\PaperCut NG Client\pc-client.exe /silent /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PASPortal.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101857210422
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = peninsula.vic.edu.au
O17 - HKLM\Software\..\Telephony: DomainName = peninsula.vic.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{886C52E5-66A5-4AAC-9B72-215E291A445E}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = peninsula.vic.edu.au
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: MaxBackServiceInt - Logitech Inc. - (no file)
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11681 bytes

Edited by Tixylix, 26 December 2007 - 12:52 AM.


#6 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:05 AM

Posted 26 December 2007 - 09:16 AM

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\gebca.exe



==============


Download SDFix and save it to your Desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix).

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and will also be saved into the SDFix folder as Report.txt
    (Report.txt will also be copied to the Clipboard, ready for posting back on the forum).
  • Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.


===============


It appears that you are running two antivirus programs at the same time. This can cause some serious issues as well as a very significant slowdown. Please uninstall one of them so that you are only left with one antivirus program.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
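The lines the helper ticks above (an orphaned URLSearchHook, a non-empty win.ini load= pointing at gebca.exe) and the vendor-less "WinSock Svchost Manager" service he deals with later in the thread are all things an analyst picks out of a HijackThis log by pattern. As an added example (not code from the thread, from HijackThis, or from SDFix), the Python below applies those same patterns to HijackThis v2 log lines. The sample lines are copied from the log posted above; the allowlist of vetted "Unknown owner" binaries, the severity scale and the heuristics are assumptions made for this example.

```python
"""Triage helper for HijackThis v2 log lines (added example).

Not code from the thread, from HijackThis or from SDFix. It encodes the
reasoning a forum helper applies by hand: orphaned hooks, a non-empty
win.ini load= line, and a service whose name echoes a Windows core process
while its binary is something else. Allowlist and heuristics are assumptions.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the HijackThis log posted above, plus
# benign O4/O23 entries from the same log so the heuristics have contrast.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Local Page = 
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
F3 - REG:win.ini: load=C:\\WINDOWS\\system32\\gebca.exe
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\\WINDOWS\\system32\\svcprs32.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\VetMsg.exe
"""

# Windows core process names that malware likes to echo in a service name.
CORE_PROCESSES = ("svchost", "winlogon", "lsass", "csrss", "smss")
CORE_BINARIES = {p + ".exe" for p in CORE_PROCESSES}

# Assumed allowlist: vendor-less system32 binaries already vetted as benign
# (the ATI hotkey poller reports "Unknown owner" but is a video driver helper).
KNOWN_BENIGN_UNKNOWN_OWNER = {"ati2evxx.exe"}

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}

_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
_F3 = re.compile(r"^F3 - REG:win\.ini: (?P<key>load|run)=(?P<value>.*)$")
_R0 = re.compile(r"^R0 - (?P<key>.+?) = ?(?P<value>.*)$")


def _finding(section: str, severity: str, reason: str, line: str) -> Dict[str, str]:
    return {"section": section, "severity": severity, "reason": reason, "line": line}


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious HijackThis line; benign lines yield nothing."""
    findings: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]

        # HijackThis writes "(no file)" when the referenced binary is missing:
        # an orphaned hook, harmless but worth clearing.
        if "(no file)" in line:
            findings.append(_finding(section, "low", "references a file that no longer exists (orphaned entry)", line))
            continue

        # win.ini load=/run= is a legacy autostart; on XP it is normally empty.
        m = _F3.match(line)
        if m and m.group("value").strip():
            findings.append(_finding(section, "high",
                f"win.ini {m.group('key')}= is normally empty on XP; here it starts {m.group('value')} at logon", line))
            continue

        # A blanked browser default is harmless; fixing it only restores the default.
        m = _R0.match(line)
        if m and not m.group("value").strip():
            findings.append(_finding(section, "info", "blanked browser default; fixing it restores the default", line))
            continue

        m = _O23.match(line)
        if m:
            name, owner, path = m.group("name"), m.group("owner"), m.group("path")
            basename = path.rsplit("\\", 1)[-1].lower()
            echoes_core = any(p in name.lower() for p in CORE_PROCESSES)
            if echoes_core and basename not in CORE_BINARIES:
                findings.append(_finding(section, "high",
                    f"service name imitates a Windows core process but runs {basename}", line))
            elif owner == "Unknown owner" and "\\system32\\" in path.lower() \
                    and basename not in KNOWN_BENIGN_UNKNOWN_OWNER:
                findings.append(_finding(section, "medium",
                    f"vendor-less service running {basename} out of system32", line))
    return findings


def lines_to_fix(findings: List[Dict[str, str]], min_severity: str = "low") -> List[str]:
    """The lines an analyst would tick in HijackThis, most severe first."""
    keep = [f for f in findings if SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[min_severity]]
    keep.sort(key=lambda f: SEVERITY_RANK[f["severity"]], reverse=True)
    return [f["line"] for f in keep]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f['severity']:>6}] {f['section']}: {f['reason']}\n         {f['line']}")
```

Run against the sample, it flags the empty R0 value as informational, the URLSearchHook as a low-severity orphan, the win.ini load= line and the svchost-lookalike service as high, and leaves SoundMan, ctfmon, the CA service and the allowlisted ATI helper alone. The allowlist is the part that needs care in practice: "Unknown owner" on its own is only a weak signal, which is why the name-imitation check is ranked above it.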

#7 Tixylix

  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:05 AM

Posted 26 December 2007 - 09:05 PM

Symantec & Adaware uninstalled. Please note: the uninstallation took place after SDFix was run; however, the HJT log has been updated to after the uninstall.

SD Fix Log

SDFix: Version 1.119

Run by Administrator on Thu 27/12/2007 at 09:21 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
 


								 Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 11:35:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b6b58bc5c]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b6b58f72e]
"0014a48c04d5"=hex:75,98,fd,3b,be,20,46,bb,5f,8d,aa,6c,d0,d4,cd,54
"001adb1683bc"=hex:da,fc,bb,d9,5b,e6,47,28,f0,71,62,bd,02,39,e7,4b
"00149a59555b"=hex:43,3a,52,d9,8b,36,1b,05,bf,34,60,1d,2a,72,37,73
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000b6b58bc5c]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000b6b58f72e]
"0014a48c04d5"=hex:75,98,fd,3b,be,20,46,bb,5f,8d,aa,6c,d0,d4,cd,54
"001adb1683bc"=hex:da,fc,bb,d9,5b,e6,47,28,f0,71,62,bd,02,39,e7,4b
"00149a59555b"=hex:43,3a,52,d9,8b,36,1b,05,bf,34,60,1d,2a,72,37,73

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5DAE7B5E-AF2D-70D1-D7E0-B816994DD383}]
"eanmooehpm"=hex:66,61,68,6e,66,62,64,6e,6d,69,66,69,00,fc
"daanlpei"=hex:64,62,62,6c,6c,61,64,63,67,64,6d,6e,6c,6a,6f,62,61,68,67,66,67,..
"iafobgbmkacbhjbinn"=hex:6a,61,6b,62,65,6e,66,6d,68,65,6f,6a,6a,6e,6b,6e,70,69,6d,66,00,..
"hapkljbpehafklml"=hex:6a,61,6b,62,65,6e,66,6d,68,65,6f,6a,6a,6e,6b,6e,70,69,6d,66,00,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C72A8E68-C6CD-3B64-36E2-B963A4914C92}]
"bbopibbhfmpnmkijpfhehigcchfglgalcpfg"=hex:61,61,00,00
"abopibbhfmpnmkijpfehailnjibfakndlc"=hex:61,61,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D4B0F419-3B9D-3520-9CD1-F79BE82453DE}]
"naddboneiaokcobeaihnkooenifc"=hex:6b,61,6d,65,66,69,67,6d,6a,6e,64,61,6e,6e,65,6c,6f,6b,66,64,6b,..
"majchbkhpjljlfbmkfhgfejkmj"=hex:6b,61,6d,65,66,69,67,6d,6a,6e,64,61,6e,6e,65,6c,6f,6b,66,64,6b,..
"abpbjhbdlhiomdnaigakclbpoljkknfmpp"=hex:61,62,63,64,67,70,67,6f,67,64,66,6a,67,66,64,6b,6a,62,6c,6e,64,..
"maocgjjdlihjfglnahpkpfgaga"=hex:64,62,6d,6c,65,64,68,6c,62,6f,62,68,6c,63,62,6f,6a,66,6c,69,6e,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Wed  4 Aug 2004		   524 ..SHR --- "C:\WINDOWS\sscfgwin.sys"
Fri  3 Dec 2004		 1,024 A..HR --- "C:\WINDOWS\system32\NTICDMK32.dll"
Fri  3 Dec 2004		 1,024 A..HR --- "C:\WINDOWS\system32\ntiembed.dll"
Fri  3 Dec 2004		 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Sat  2 Sep 2006		 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 25 Sep 2006		   302 A..H. --- "C:\Program Files\InterActual\InterActual Player\itiF.tmp"
Tue 30 Oct 2007			 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 13 Nov 2006	   319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\10299b057f67579423b2b7c5e444304d\BITA7.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\156d842f6d459c9fa7d765370c3cfef7\BITAE.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\215e08f9b5a2e3fa9c26b186843b146d\BITA9.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\28cf4c02311fdf0fa175e9078b060617\BITAD.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2dcf1bdc320dd1050ace3ca9b7ba7189\BITB5.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3e0da2605fd8fc1ac6c296064b929216\BITAB.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\47992b41e0f9217924dde9723466c1d5\BITAA.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\48004cc97fa5f73d2c849bfafb78f796\BITA8.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7ee7cf5d0fc01aad237e3859d3e7b7f3\BITB4.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\88f08de4bc99c666c9484dada8d92757\BITB3.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\95809aa22b9e6dc1af6b86e012b1c076\BITB2.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b4defcd24e86e80b36413d78fba087aa\BITAF.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf3677c59b9022adf7da4153dc86badb\BITB1.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d7c22821a3451c898b2dedaa0e746a1a\BITB0.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e8e87d02989a2e8ffc07217d37f06fdb\BITB6.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f651fb5b24b9b5d1182e1a9dcbd62e32\BITAC.tmp"
Thu 27 Dec 2007			 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fbf2096f0231be8d2c6e9a6c1e45a11f\BITB7.tmp"
Sat 22 Dec 2007	   165,232 A..H. --- "C:\Documents and Settings\sholland\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll"

Finished!

Latest HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38, on 2007-12-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\mspaint.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtZgAcer.EXE"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [PaperCut NG Client] C:\Program Files\PaperCut NG Client\pc-client.exe /silent /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PASPortal.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101857210422
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = peninsula.vic.edu.au
O17 - HKLM\Software\..\Telephony: DomainName = peninsula.vic.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{886C52E5-66A5-4AAC-9B72-215E291A445E}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = peninsula.vic.edu.au
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: MaxBackServiceInt - Logitech Inc. - (no file)
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9993 bytes

Edited by Tixylix, 27 December 2007 - 06:39 AM.


#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 27 December 2007 - 05:02 PM

Click Start > Run and type these commands, hitting Enter after each one:

sc stop WinSvchostManager

sc delete WinSvchostManager



=============


Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.


File::
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\gebca.exe
C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini2



Now drag and drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.



===============



Please download this file and save it to your desktop.

http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

Double click to run it and post the resulting log in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
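As an added triage example (not part of this thread or of any helper's own tooling), the Python below parses HijackThis O23 service lines in the shape of the log above and flags entries for the kind of review done in this reply: an unknown owner running from system32, a service whose binary is missing, or a display name that echoes a core Windows component its binary does not match. The sample lines and the three heuristics are constructed assumptions, and the drafted sc commands and CFScript File:: block are a proposal for a human to check, not something to run unattended.

```python
"""Triage HijackThis O23 service lines and draft review-only removal steps."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the shape of the O23 lines from the log above.
SAMPLE_O23 = r"""
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MaxBackServiceInt - Logitech Inc. - (no file)
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
"""

# Core Windows component names that a misleading display name may echo (assumed list).
SYSTEM_TOKENS = ("svchost", "winsock", "winlogon", "lsass", "csrss")


@dataclass
class ServiceEntry:
    display: str   # display name as HijackThis prints it
    name: str      # short service name used by `sc`; falls back to the display name
    owner: str     # vendor string taken from the binary's version info
    path: str      # binary path, or "(no file)"
    reasons: list = field(default_factory=list)


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Split one O23 line into its fields; return None for any other line."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    # Split from the right: the last two " - " separators bound owner and path,
    # so a display name that itself contains " - " survives intact.
    parts = line[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = (p.strip() for p in parts)
    m = re.search(r"\s\(([^()]+)\)$", display)   # trailing "(ShortName)"
    name = m.group(1) if m else display
    return ServiceEntry(display, name, owner, path)


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review reasons to an entry; an empty list means nothing stood out."""
    low_path = entry.path.lower()
    if entry.path == "(no file)":
        entry.reasons.append("service points at a missing binary")
    if entry.owner == "Unknown owner" and low_path.startswith(r"c:\windows\system32"):
        entry.reasons.append("no vendor info, runs from system32")
    binary = low_path.rsplit("\\", 1)[-1]
    for tok in SYSTEM_TOKENS:
        if tok in entry.display.lower() and tok not in binary:
            entry.reasons.append(f"display name echoes '{tok}' but binary is {binary}")
            break
    return entry


def flagged_services(text: str) -> list:
    """Parse every O23 line in a log and return only the entries worth a look."""
    hits = []
    for line in text.splitlines():
        entry = parse_o23(line.strip())
        if entry is not None and triage(entry).reasons:
            hits.append(entry)
    return hits


def draft_removal(entries: list) -> str:
    """Draft steps in the format used in the reply above: sc stop/delete per
    service, then a CFScript File:: block listing the binaries. Review first."""
    lines = []
    for e in entries:
        quoted = f'"{e.name}"' if " " in e.name else e.name   # sc needs quotes for spaces
        lines.append(f"sc stop {quoted}")
        lines.append(f"sc delete {quoted}")
    files = [e.path for e in entries if e.path != "(no file)"]
    if files:
        lines.append("")
        lines.append("File::")
        lines.extend(files)
    return "\n".join(lines)


if __name__ == "__main__":
    hits = flagged_services(SAMPLE_O23)
    for e in hits:
        print(f"{e.name}: {'; '.join(e.reasons)}")
    print(draft_removal(hits))
```

The Ati entry in the sample is a legitimate driver helper that still trips the system32 rule, which is why the output is a review queue rather than a verdict.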


========================================================

#9 Tixylix

Tixylix
  • Topic Starter

  • Members
  • 10 posts

Posted 20 January 2008 - 11:24 PM

ComboFix Log

ComboFix 07-12-21.4 - SHOLLAND 1988-01-02  0:08:32.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.61.1033.18.502 [GMT 11:00]
Running from: C:\Documents and Settings\sholland\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\sholland\Desktop\CFScript.txt
 * Created a new restore point

FILE
C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini2
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\gebca.exe
C:\WINDOWS\system32\svcprs32.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini2
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\gebca.exe
C:\WINDOWS\system32\svcprs32.exe

.
(((((((((((((((((((((((((   Files Created from 2007-12-21 to 2008-01-21  )))))))))))))))))))))))))))))))
.

2008-01-21 13:45 . 2008-01-21 13:45	<DIR>	d--------	C:\WINDOWS\LastGood
2007-12-28 05:32 . 2007-12-28 05:32	479,232	--a------	C:\WINDOWS\system32\RCX1D.tmp
2007-12-28 05:20 . 2007-12-28 05:20	<DIR>	d--------	C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-27 13:21 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
2007-12-27 13:21 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
2007-12-27 13:21 . 2007-07-30 19:19	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
2007-12-27 09:19 . 2007-12-27 09:19	<DIR>	d--------	C:\WINDOWS\ERUNT
2007-12-27 09:18 . 2007-12-27 09:18	61,440	--a------	C:\WINDOWS\system32\RCX1F.tmp
2007-12-26 22:25 . 2007-12-26 22:45	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\LimeWire
2007-12-26 22:24 . 2007-12-26 22:24	<DIR>	d--------	C:\Program Files\LimeWire
2007-12-26 11:32 . 2007-12-26 11:32	15,360	--a------	C:\WINDOWS\system32\ctfmon .exe
2007-12-26 11:31 . 2007-12-26 11:32	495,616	--a------	C:\WINDOWS\system32\ctfmon.exe.tmp
2007-12-26 11:31 . 2004-08-04 01:56	15,360	--a--c---	C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-26 11:31 . 2004-08-04 01:56	15,360	--a------	C:\WINDOWS\system32\ctfmon.exe
2007-12-25 20:08 . 2007-12-25 20:08	0	--a------	C:\WINDOWS\system32\access.tmp
2007-12-25 11:48 . 2004-08-03 23:32	455,168	--a--c---	C:\WINDOWS\system32\dllcache\tintsetp.exe
2007-12-24 23:07 . 2007-12-24 23:07	17	--a------	C:\stinger.opt
2007-12-24 22:37 . 2007-12-24 22:38	1,953,799	--a------	C:\stinger.exe
2007-12-24 21:26 . 2007-12-21 00:31	143,294	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-12-24 21:26 . 2007-12-21 00:31	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-12-24 21:26 . 2007-12-21 00:31	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-12-24 21:26 . 2007-12-21 00:31	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-12-24 21:26 . 2007-12-21 00:31	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-12-24 21:26 . 2007-12-21 00:31	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-12-24 21:26 . 2007-12-21 00:31	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-12-24 21:26 . 2007-12-21 00:31	64	--a------	C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-12-24 21:02 . 2007-12-27 00:05	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\CallingID
2007-12-24 21:00 . 2007-12-24 21:00	<DIR>	d--------	C:\Program Files\Common Files\Scanner
2007-12-24 21:00 . 2007-11-23 11:48	879,784	--a------	C:\WINDOWS\system32\drivers\vetefile.sys
2007-12-24 21:00 . 2007-11-23 11:48	108,312	--a------	C:\WINDOWS\system32\drivers\veteboot.sys
2007-12-24 21:00 . 2007-11-23 11:48	99,592	--a------	C:\WINDOWS\system32\isafeif.dll
2007-12-24 21:00 . 2007-11-23 11:48	91,400	--a------	C:\WINDOWS\system32\isafprod.dll
2007-12-24 21:00 . 2007-11-23 11:48	79,424	--a------	C:\WINDOWS\system32\vetredir.dll
2007-12-24 21:00 . 2007-11-23 11:48	32,264	--a------	C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-12-24 21:00 . 2007-11-23 11:48	26,376	--a------	C:\WINDOWS\system32\drivers\vet-filt.sys
2007-12-24 21:00 . 2007-11-23 11:48	21,512	--a------	C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-12-24 21:00 . 2007-11-23 11:48	21,128	--a------	C:\WINDOWS\system32\drivers\vet-rec.sys
2007-12-24 20:59 . 2007-12-24 20:59	2,732,032	--a------	C:\WINDOWS\system32\win32cpr.dll
2007-12-24 20:59 . 2007-11-14 12:26	1,830,912	--a------	C:\WINDOWS\system32\winsflte.dll
2007-12-24 20:59 . 2007-12-24 20:59	1,564,771	--a------	C:\WINDOWS\system32\winsflt.dll
2007-12-24 20:59 . 2007-11-14 12:34	1,212,416	--a------	C:\WINDOWS\system32\mdmcls32.exe
2007-12-24 20:58 . 2007-12-24 20:59	<DIR>	d--------	C:\WINDOWS\rnapxs
2007-12-24 20:58 . 2002-01-01 13:02	7,440	--a------	C:\WINDOWS\system32\sporder.dll
2007-12-24 20:52 . 2007-12-24 21:00	<DIR>	d--------	C:\Program Files\CA
2007-12-24 20:52 . 2007-12-24 21:20	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\CA
2007-12-24 18:19 . 2007-12-24 18:19	532,480	--a------	C:\cwshredder.exe
2007-12-24 18:09 . 2007-12-24 18:09	335,992	--a------	C:\Dial-a-fix-v0.60.0.24.zip
2007-12-24 16:07 . 2007-12-24 16:01	102,664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-24 16:01 . 2007-12-24 16:09	<DIR>	d--------	C:\Documents and Settings\sholland\.housecall6.6
2007-12-24 12:37 . 2007-12-24 12:37	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\Grisoft
2007-12-24 12:34 . 2007-12-24 12:34	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 12:34 . 2007-05-30 23:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-24 12:08 . 2007-12-24 11:43	12,413,440	--a------	C:\avgas-setup-7.5.1.43.exe
2007-12-24 11:38 . 2007-12-24 11:37	107,640	--a------	C:\OiUninstaller.exe
2007-12-24 11:33 . 2007-12-24 11:33	<DIR>	d--------	C:\Program Files\Trend Micro
2007-12-24 11:28 . 2007-12-24 11:29	812,344	--a------	C:\HJTInstall.exe
2007-12-24 11:22 . 2007-12-24 11:22	479,232	--a------	C:\WINDOWS\system32\RCX3D.tmp
2007-12-23 23:47 . 2007-12-23 23:47	<DIR>	d--------	C:\Program Files\IObit
2007-12-23 23:47 . 2007-12-24 00:03	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-23 22:29 . 2007-12-23 22:29	4	--a------	C:\WINDOWS\system32\wnsm2i.rdb
2007-12-23 20:56 . 2007-12-23 20:56	<DIR>	d--------	C:\Program Files\SpaceMonger
2007-12-23 20:56 . 2007-12-23 20:56	<DIR>	d--------	C:\Documents and Settings\sholland\Application Data\SpaceMonger
2007-12-22 22:09 . 2007-12-24 02:18	221,184	--a------	C:\WINDOWS\system32\LVCOMSX .EXE
2007-12-21 13:08 . 2007-12-24 11:08	<DIR>	d--------	C:\Program Files\Weather Watcher

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 03:03	365,056	----a-w	C:\WINDOWS\system32\gebca.dll
2007-12-27 11:38	---------	d-----w	C:\Program Files\Lavasoft
2007-12-27 11:36	---------	d-----w	C:\Program Files\Symantec AntiVirus
2007-12-27 11:36	---------	d-----w	C:\Program Files\Symantec
2007-12-27 11:36	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2007-12-27 00:33	---------	d-----w	C:\Program Files\Launch Manager
2007-12-24 10:11	---------	d-----w	C:\Documents and Settings\sholland\Application Data\Azureus
2007-12-24 10:05	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-12-24 10:04	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-12-24 10:01	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2007-12-23 23:27	---------	d-----w	C:\Program Files\LIVEUPDATE
2007-12-23 23:03	---------	d-----w	C:\Program Files\QuickTime
2007-12-23 23:03	---------	d-----w	C:\Program Files\PaperCut NG Client
2007-12-23 11:42	---------	d-----w	C:\Program Files\iTunes
2007-12-23 11:41	---------	d-----w	C:\Program Files\MessengerPlus! 3
2007-12-23 04:18	---------	d-----w	C:\Program Files\Sony
2007-12-23 03:34	---------	d-----w	C:\Program Files\UBISOFT
2007-12-23 03:25	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-23 02:51	---------	d-----w	C:\Program Files\Mgboss
2007-12-23 02:27	---------	d-----w	C:\Program Files\Titan Backup
2007-12-22 05:52	---------	d-----w	C:\Program Files\Mozilla Thunderbird
2007-12-21 07:00	---------	d-----w	C:\Program Files\MSN-History
2007-12-20 09:16	---------	d-----w	C:\Program Files\Macromedia
2007-12-20 08:46	---------	d-----w	C:\Program Files\Opera
2007-12-19 23:20	---------	d-----w	C:\Documents and Settings\sholland\Application Data\U3
2007-12-19 01:17	---------	d-----w	C:\Program Files\Azureus
2007-12-18 14:22	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-18 05:27	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-18 02:53	---------	d-----w	C:\Documents and Settings\sholland\Application Data\BitSpirit
2007-12-16 05:42	---------	d-----w	C:\Program Files\Paint.NET
2007-12-16 01:33	---------	d-----w	C:\Program Files\Common Files\Control Panels
2007-12-16 01:31	---------	d-----w	C:\Program Files\Common Files\Adobe
2007-12-14 10:16	---------	d-----w	C:\Program Files\Jitbit
2007-12-14 10:16	---------	d-----w	C:\Documents and Settings\sholland\Application Data\AutoText
2007-12-14 00:54	---------	d-----w	C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-14 00:24	---------	d-----w	C:\Program Files\Bonjour
2007-12-13 23:59	---------	d-----w	C:\Program Files\Common Files\Macrovision Shared
2007-12-08 04:56	---------	d-----w	C:\Program Files\Western Digital Technologies
2007-12-04 05:15	---------	d-----w	C:\Program Files\Apple Software Update
2007-12-03 08:08	---------	d-----w	C:\Documents and Settings\sholland\Application Data\Ulead Systems
2007-12-03 08:08	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-03 08:05	---------	d-----w	C:\Program Files\Windows Media Components
2007-12-03 08:04	---------	d-----w	C:\Program Files\Common Files\SONY Digital Images
2007-12-03 08:00	---------	d-----w	C:\Program Files\Ulead Systems
2007-12-03 08:00	---------	d-----w	C:\Program Files\Common Files\Ulead Systems
2007-12-02 10:25	---------	d-----w	C:\Program Files\MagicISO
2007-12-01 10:40	---------	d-----w	C:\Program Files\Google
2007-12-01 07:23	---------	d-----w	C:\Program Files\iPod
2007-12-01 00:16	---------	d-----w	C:\Program Files\Softomate
2007-11-28 12:01	---------	d-----w	C:\Documents and Settings\sholland\Application Data\DemoCreator
2007-11-28 12:00	---------	d-----w	C:\Program Files\Wondershare
2007-11-27 08:51	---------	d-----w	C:\Program Files\Smart Install Maker
2007-11-27 07:43	---------	d-----w	C:\Documents and Settings\sholland\Application Data\Publish Providers
2007-11-25 12:14	---------	d-----w	C:\Program Files\Real Alternative
2007-11-25 12:14	---------	d-----w	C:\Documents and Settings\sholland\Application Data\Media Player Classic
2007-11-24 10:57	---------	d-----w	C:\Program Files\Mozilla Sunbird
2007-10-29 22:43	1,287,680	----a-w	C:\WINDOWS\system32\quartz.dll
2007-10-27 06:40	222,720	----a-w	C:\WINDOWS\system32\wmasf.dll
2007-08-11 03:05	92,064	----a-w	C:\Documents and Settings\sholland\mqdmmdm.sys
2007-08-11 03:05	9,232	----a-w	C:\Documents and Settings\sholland\mqdmmdfl.sys
2007-08-11 03:05	79,328	----a-w	C:\Documents and Settings\sholland\mqdmserd.sys
2007-08-11 03:05	66,656	----a-w	C:\Documents and Settings\sholland\mqdmbus.sys
2007-08-11 03:05	6,208	----a-w	C:\Documents and Settings\sholland\mqdmcmnt.sys
2007-08-11 03:05	5,936	----a-w	C:\Documents and Settings\sholland\mqdmwhnt.sys
2007-08-11 03:05	4,048	----a-w	C:\Documents and Settings\sholland\mqdmcr.sys
2007-08-11 03:05	25,600	----a-w	C:\Documents and Settings\sholland\usbsermptxp.sys
2007-08-11 03:05	22,768	----a-w	C:\Documents and Settings\sholland\usbsermpt.sys
2006-08-05 07:20	0	-c--a-w	C:\Program Files\gditst
2006-06-23 04:05	128	----a-w	C:\Program Files\hummer1210.txt
2006-06-23 04:05	128	----a-w	C:\Program Files\hummer0707.txt
2006-06-23 04:05	128	----a-w	C:\Program Files\hummer050707.txt
2006-06-23 04:05	128	----a-w	C:\Program Files\hummer0203.txt
2004-11-22 00:42	34	-c--a-w	C:\Program Files\script.bat
2004-08-03 14:56	343,040	----a-w	C:\Program Files\mspaint.exe
2004-08-03 14:56	524	--sh--r	C:\WINDOWS\sscfgwin.sys
.

(((((((((((((((((((((((((((((   snapshot@2007-12-24_19.13.56.58   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-06 09:52:38	72,960	----a-w	C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys
+ 2007-07-06 13:08:11	138,240	----a-w	C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqad.dll
+ 2007-07-06 13:08:11	47,104	----a-w	C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqdscli.dll
+ 2007-07-06 13:08:11	16,896	----a-w	C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqise.dll
+ 2007-07-06 13:08:11	660,992	----a-w	C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqqm.dll
+ 2007-07-06 13:08:11	177,152	----a-w	C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqrt.dll
+ 2007-07-06 13:08:11	95,744	----a-w	C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqsec.dll
+ 2007-07-06 13:08:11	48,640	----a-w	C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqupgrd.dll
+ 2007-07-06 13:08:11	471,552	----a-w	C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqutil.dll
+ 2005-10-12 23:12:25	14,048	----a-w	C:\WINDOWS\$hf_mig$\KB937894\spmsg.dll
+ 2005-10-12 23:12:26	213,216	----a-w	C:\WINDOWS\$hf_mig$\KB937894\spuninst.exe
+ 2005-10-12 23:12:25	22,752	----a-w	C:\WINDOWS\$hf_mig$\KB937894\update\spcustom.dll
+ 2005-10-12 23:12:29	716,000	----a-w	C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
+ 2005-10-12 23:12:34	371,424	----a-w	C:\WINDOWS\$hf_mig$\KB937894\update\updspapi.dll
+ 2007-10-29 22:35:13	1,287,680	----a-w	C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36	14,048	----a-w	C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41	213,216	----a-w	C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34	22,752	----a-w	C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59	716,000	----a-w	C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51	371,424	----a-w	C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-11 05:57:29	1,024,000	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\browseui.dll
+ 2007-10-11 05:57:29	151,040	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\cdfview.dll
+ 2007-10-11 05:57:30	1,054,208	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\danim.dll
+ 2007-10-11 05:57:30	357,888	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtmsft.dll
+ 2007-10-11 05:57:30	205,824	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtrans.dll
+ 2007-10-11 05:57:30	55,808	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\extmgr.dll
+ 2007-10-10 10:48:23	18,432	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iedw.exe
+ 2007-10-11 05:57:31	251,904	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iepeers.dll
+ 2007-10-11 05:57:31	96,256	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\inseng.dll
+ 2007-10-11 05:57:31	16,384	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\jsproxy.dll
+ 2007-10-30 09:55:21	3,065,856	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtml.dll
+ 2007-10-11 05:57:36	449,024	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtmled.dll
+ 2007-10-11 05:57:36	146,432	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\msrating.dll
+ 2007-10-11 05:57:37	532,480	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mstime.dll
+ 2007-10-11 05:57:37	39,424	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\pngfilt.dll
+ 2007-10-11 05:57:39	1,498,112	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shdocvw.dll
+ 2007-10-11 05:57:40	474,112	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shlwapi.dll
+ 2007-10-11 05:57:40	617,984	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\urlmon.dll
+ 2007-10-11 05:57:41	666,112	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
+ 2007-10-10 10:34:35	350,720	----a-w	C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36	14,048	----a-w	C:\WINDOWS\$hf_mig$\KB942615\spmsg.dll
+ 2007-03-06 01:22:41	213,216	----a-w	C:\WINDOWS\$hf_mig$\KB942615\spuninst.exe
+ 2007-03-06 01:22:34	22,752	----a-w	C:\WINDOWS\$hf_mig$\KB942615\update\spcustom.dll
+ 2007-03-06 01:22:59	716,000	----a-w	C:\WINDOWS\$hf_mig$\KB942615\update\update.exe
+ 2007-03-06 01:23:51	371,424	----a-w	C:\WINDOWS\$hf_mig$\KB942615\update\updspapi.dll
+ 2007-11-13 11:02:46	60,416	----a-w	C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36	14,048	----a-w	C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41	213,216	----a-w	C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34	22,752	----a-w	C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59	716,000	----a-w	C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51	371,424	----a-w	C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-14 07:18:03	450,560	----a-w	C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:22:36	14,048	----a-w	C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:22:41	213,216	----a-w	C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:22:34	22,752	----a-w	C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:22:59	716,000	----a-w	C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:23:51	371,424	----a-w	C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2007-11-13 08:47:45	20,480	----a-w	C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36	14,048	----a-w	C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41	213,216	----a-w	C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34	22,752	----a-w	C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59	716,000	----a-w	C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51	371,424	----a-w	C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2007-12-23 13:54:58	163,328	----a-w	C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-26 22:20:04	1,863,680	----a-w	C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-12-26 22:20:05	8,192	----a-w	C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-23 13:54:58	163,328	----a-w	C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-26 22:19:48	1,863,680	----a-w	C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-12-26 22:19:48	8,192	----a-w	C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-12-24 10:04:16	8,854	----a-r	C:\WINDOWS\Installer\{084CC1A4-FC1B-4DE7-89BB-A367FC6208A6}\ARPPRODUCTICON.exe
- 2007-11-17 01:35:02	593,920	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-12-27 18:19:50	593,920	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-11-17 01:35:02	12,288	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-12-27 18:19:50	12,288	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-11-17 01:35:02	86,016	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-12-27 18:19:50	86,016	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-11-17 01:35:02	135,168	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-12-27 18:19:50	135,168	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-11-17 01:35:02	11,264	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-12-27 18:19:50	11,264	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-11-17 01:35:02	27,136	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-12-27 18:19:51	27,136	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-11-17 01:35:03	4,096	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-12-27 18:19:51	4,096	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-11-17 01:35:03	794,624	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-12-27 18:19:51	794,624	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-11-17 01:35:02	249,856	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-12-27 18:19:50	249,856	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-11-17 01:35:02	61,440	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-12-27 18:19:50	61,440	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-11-17 01:35:03	23,040	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-12-27 18:19:51	23,040	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-11-17 01:35:02	286,720	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-12-27 18:19:50	286,720	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-11-17 01:35:02	409,600	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-27 18:19:50	409,600	----a-r	C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-24 10:06:51	10,134	----a-r	C:\WINDOWS\Installer\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}\ARPPRODUCTICON.exe
+ 2007-12-24 10:00:40	8,854	----a-r	C:\WINDOWS\Installer\{F05A5232-CE5E-4274-AB27-44EB8105898D}\ARPPRODUCTICON.exe
+ 2007-12-20 13:27:02	110,592	----a-w	C:\WINDOWS\rnapxs\CSDK\urlcache\domainNames.dat
+ 2007-12-20 13:27:02	1,200,128	----a-w	C:\WINDOWS\rnapxs\CSDK\urlcache\urlCacheDb.dat
+ 2007-12-24 09:59:39	30,720	--sha-w	C:\WINDOWS\rnapxs\rnapxs.dat
+ 2007-02-04 01:27:18	258,352	--s-a-r	C:\WINDOWS\system\unicows.dll
- 2007-08-22 13:12:15	1,022,976	----a-w	C:\WINDOWS\system32\browseui.dll
+ 2007-10-11 06:13:44	1,023,488	----a-w	C:\WINDOWS\system32\browseui.dll
- 2007-08-22 13:12:15	151,040	----a-w	C:\WINDOWS\system32\cdfview.dll
+ 2007-10-11 06:13:44	151,040	----a-w	C:\WINDOWS\system32\cdfview.dll
- 2007-04-16 12:45:28	92,504	----a-w	C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 08:19:20	92,504	----a-w	C:\WINDOWS\system32\cdm.dll
- 2007-08-22 13:12:16	1,054,208	----a-w	C:\WINDOWS\system32\danim.dll
+ 2007-10-11 06:13:44	1,054,208	----a-w	C:\WINDOWS\system32\danim.dll
- 2007-08-22 13:12:15	1,022,976	-c--a-w	C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-10-11 06:13:44	1,023,488	-c--a-w	C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-08-22 13:12:15	151,040	-c--a-w	C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-10-11 06:13:44	151,040	-c--a-w	C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-04-16 12:45:28	92,504	-c--a-w	C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 08:19:20	92,504	-c--a-w	C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-08-22 13:12:16	1,054,208	-c--a-w	C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-10-11 06:13:44	1,054,208	-c--a-w	C:\WINDOWS\system32\dllcache\danim.dll
- 2007-08-22 13:12:16	357,888	-c--a-w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-10-11 06:13:44	357,888	-c--a-w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-22 13:12:16	205,312	-c--a-w	C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-11 06:13:44	205,312	-c--a-w	C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-22 13:12:16	55,808	-c--a-w	C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-11 06:13:44	55,808	-c--a-w	C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-21 10:30:45	18,432	-c--a-w	C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-10-10 11:16:27	18,432	-c--a-w	C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-08-22 13:12:16	251,392	-c--a-w	C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-10-11 06:13:44	251,392	-c--a-w	C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-22 13:12:16	96,256	-c--a-w	C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-10-11 06:13:44	96,256	-c--a-w	C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25	450,560	-c--a-w	C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-11-14 07:26:56	450,560	-c--a-w	C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-08-22 13:12:16	16,384	-c--a-w	C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-11 06:13:44	16,384	-c--a-w	C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-03 12:58:22	72,960	-c--a-w	C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 10:05:47	72,960	-c--a-w	C:\WINDOWS\system32\dllcache\mqac.sys
- 2004-08-03 14:56:44	138,240	-c--a-w	C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59	138,240	-c--a-w	C:\WINDOWS\system32\dllcache\mqad.dll
- 2004-08-03 14:56:44	47,104	-c--a-w	C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59	47,104	-c--a-w	C:\WINDOWS\system32\dllcache\mqdscli.dll
- 2004-08-03 14:56:44	16,896	-c--a-w	C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59	16,896	-c--a-w	C:\WINDOWS\system32\dllcache\mqise.dll
- 2004-08-03 14:56:44	660,992	-c--a-w	C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59	660,992	-c--a-w	C:\WINDOWS\system32\dllcache\mqqm.dll
- 2004-08-03 14:56:44	177,152	-c--a-w	C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59	177,152	-c--a-w	C:\WINDOWS\system32\dllcache\mqrt.dll
- 2004-08-03 14:56:44	95,744	-c--a-w	C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59	95,744	-c--a-w	C:\WINDOWS\system32\dllcache\mqsec.dll
- 2004-08-03 14:56:44	48,640	-c--a-w	C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59	48,640	-c--a-w	C:\WINDOWS\system32\dllcache\mqupgrd.dll
- 2004-08-03 14:56:44	471,552	-c--a-w	C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-07-06 12:46:59	471,552	-c--a-w	C:\WINDOWS\system32\dllcache\mqutil.dll
- 2007-08-22 13:12:17	3,058,176	-c--a-w	C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-10-30 10:16:33	3,058,688	-c--a-w	C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-22 13:12:17	449,024	-c--a-w	C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-11 06:13:45	449,024	-c--a-w	C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-22 13:12:17	146,432	-c--a-w	C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-11 06:13:45	146,432	-c--a-w	C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-22 13:12:17	532,480	-c--a-w	C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-11 06:13:45	532,480	-c--a-w	C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-22 13:12:17	39,424	-c--a-w	C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-11 06:13:45	39,424	-c--a-w	C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2005-08-30 03:54:26	1,287,168	-c--a-w	C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-10-29 22:43:03	1,287,680	-c--a-w	C:\WINDOWS\system32\dllcache\quartz.dll
- 2007-08-22 13:12:18	1,494,528	-c--a-w	C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-10-11 06:13:45	1,494,528	-c--a-w	C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2007-08-22 13:12:18	474,112	-c--a-w	C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-10-11 06:13:45	474,112	-c--a-w	C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2007-08-22 13:12:18	615,424	-c--a-w	C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-11 06:13:45	615,424	-c--a-w	C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-22 13:12:18	658,944	-c--a-w	C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-11 06:13:45	659,456	-c--a-w	C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-10-18 11:47:18	222,208	-c--a-w	C:\WINDOWS\system32\dllcache\WMASF.dll
+ 2007-10-27 06:40:30	222,720	-c--a-w	C:\WINDOWS\system32\dllcache\wmasf.dll
- 2007-04-16 12:45:48	549,720	-c--a-w	C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-30 08:19:36	549,720	-c--a-w	C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-04-16 12:45:20	53,080	-c--a-w	C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 08:19:16	53,080	-c--a-w	C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-04-16 12:45:54	1,710,936	-c--a-w	C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 08:19:42	1,712,984	-c--a-w	C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-04-16 12:45:42	325,976	-c--a-w	C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-30 08:19:32	325,976	-c--a-w	C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-04-16 12:47:36	33,624	-c--a-w	C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 08:18:40	33,624	-c--a-w	C:\WINDOWS\system32\dllcache\wups.dll
- 2007-04-16 12:45:36	203,096	-c--a-w	C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 08:19:28	203,096	-c--a-w	C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-05-18 02:30:00	61,960	----a-w	C:\WINDOWS\system32\drivers\KmxAgent.sys
+ 2007-10-17 23:24:46	134,672	----a-w	C:\WINDOWS\system32\drivers\KmxCF.sys
+ 2007-09-13 04:15:06	88,840	----a-w	C:\WINDOWS\system32\drivers\KmxCfg.sys
+ 2007-05-18 02:30:00	45,064	----a-w	C:\WINDOWS\system32\drivers\KmxFile.sys
+ 2007-10-18 03:21:02	114,704	----a-w	C:\WINDOWS\system32\drivers\KmxFw.sys
+ 2007-11-02 01:09:10	65,552	----a-w	C:\WINDOWS\system32\drivers\KmxSbx.sys
+ 2007-10-17 23:24:46	93,712	----a-w	C:\WINDOWS\system32\drivers\KmxStart.sys
- 2004-08-03 12:58:22	72,960	-c--a-w	C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47	72,960	----a-w	C:\WINDOWS\system32\drivers\mqac.sys
- 2004-07-17 01:36:38	27,440	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53	20,480	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
- 2007-08-22 13:12:16	357,888	----a-w	C:\WINDOWS\system32\dxtmsft.dll
+ 2007-10-11 06:13:44	357,888	----a-w	C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-22 13:12:16	205,312	----a-w	C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-11 06:13:44	205,312	----a-w	C:\WINDOWS\system32\dxtrans.dll
- 2007-08-22 13:12:16	55,808	----a-w	C:\WINDOWS\system32\extmgr.dll
+ 2007-10-11 06:13:44	55,808	----a-w	C:\WINDOWS\system32\extmgr.dll
- 2007-08-22 13:12:16	251,392	----a-w	C:\WINDOWS\system32\iepeers.dll
+ 2007-10-11 06:13:44	251,392	----a-w	C:\WINDOWS\system32\iepeers.dll
- 2007-08-22 13:12:16	96,256	----a-w	C:\WINDOWS\system32\inseng.dll
+ 2007-10-11 06:13:44	96,256	----a-w	C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25	450,560	----a-w	C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:26:56	450,560	----a-w	C:\WINDOWS\system32\jscript.dll
- 2007-08-22 13:12:16	16,384	----a-w	C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-11 06:13:44	16,384	----a-w	C:\WINDOWS\system32\jsproxy.dll
- 2004-08-03 14:56:44	138,240	----a-w	C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59	138,240	----a-w	C:\WINDOWS\system32\mqad.dll
- 2004-08-03 14:56:44	47,104	----a-w	C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59	47,104	----a-w	C:\WINDOWS\system32\mqdscli.dll
- 2004-08-03 14:56:44	16,896	----a-w	C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59	16,896	----a-w	C:\WINDOWS\system32\mqise.dll
- 2004-08-03 14:56:44	660,992	-c--a-w	C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59	660,992	----a-w	C:\WINDOWS\system32\mqqm.dll
- 2004-08-03 14:56:44	177,152	-c--a-w	C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59	177,152	----a-w	C:\WINDOWS\system32\mqrt.dll
- 2004-08-03 14:56:44	95,744	----a-w	C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59	95,744	----a-w	C:\WINDOWS\system32\mqsec.dll
- 2004-08-03 14:56:44	48,640	----a-w	C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59	48,640	----a-w	C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-03 14:56:44	471,552	----a-w	C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59	471,552	----a-w	C:\WINDOWS\system32\mqutil.dll
- 2007-08-22 13:12:17	3,058,176	----a-w	C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 10:16:33	3,058,688	----a-w	C:\WINDOWS\system32\mshtml.dll
- 2007-08-22 13:12:17	449,024	----a-w	C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-11 06:13:45	449,024	----a-w	C:\WINDOWS\system32\mshtmled.dll
- 2007-08-22 13:12:17	146,432	----a-w	C:\WINDOWS\system32\msrating.dll
+ 2007-10-11 06:13:45	146,432	----a-w	C:\WINDOWS\system32\msrating.dll
- 2007-08-22 13:12:17	532,480	----a-w	C:\WINDOWS\system32\mstime.dll
+ 2007-10-11 06:13:45	532,480	----a-w	C:\WINDOWS\system32\mstime.dll
- 2007-12-20 23:39:32	80,894	----a-w	C:\WINDOWS\system32\perfc009.dat
+ 1988-01-01 11:43:19	79,660	----a-w	C:\WINDOWS\system32\perfc009.dat
- 2007-12-20 23:39:32	460,654	----a-w	C:\WINDOWS\system32\perfh009.dat
+ 1988-01-01 11:43:20	458,102	----a-w	C:\WINDOWS\system32\perfh009.dat
- 2007-08-22 13:12:17	39,424	----a-w	C:\WINDOWS\system32\pngfilt.dll
+ 2007-10-11 06:13:45	39,424	----a-w	C:\WINDOWS\system32\pngfilt.dll
- 2007-08-22 13:12:18	1,494,528	----a-w	C:\WINDOWS\system32\shdocvw.dll
+ 2007-10-11 06:13:45	1,494,528	----a-w	C:\WINDOWS\system32\shdocvw.dll
- 2007-08-22 13:12:18	474,112	----a-w	C:\WINDOWS\system32\shlwapi.dll
+ 2007-10-11 06:13:45	474,112	----a-w	C:\WINDOWS\system32\shlwapi.dll
+ 2007-07-30 08:18:40	33,624	----a-w	C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-07-30 08:19:12	43,352	----a-w	C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
- 2007-07-18 12:42:22	60,416	----a-w	C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11	60,416	----a-w	C:\WINDOWS\system32\tzchange.exe
+ 2007-08-01 22:09:40	117,264	----a-w	C:\WINDOWS\system32\UmxSbxExw.dll
+ 2007-08-01 22:09:40	256,528	----a-w	C:\WINDOWS\system32\UmxSbxw.dll
+ 2007-05-18 02:30:00	79,368	----a-w	C:\WINDOWS\system32\UmxWNP.dll
- 2007-08-22 13:12:18	615,424	----a-w	C:\WINDOWS\system32\urlmon.dll
+ 2007-10-11 06:13:45	615,424	----a-w	C:\WINDOWS\system32\urlmon.dll
- 2007-08-22 13:12:18	658,944	----a-w	C:\WINDOWS\system32\wininet.dll
+ 2007-10-11 06:13:45	659,456	----a-w	C:\WINDOWS\system32\wininet.dll
- 2007-04-16 12:45:48	549,720	----a-w	C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 08:19:36	549,720	----a-w	C:\WINDOWS\system32\wuapi.dll
- 2007-04-16 12:45:20	53,080	----a-w	C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 08:19:16	53,080	----a-w	C:\WINDOWS\system32\wuauclt.exe
- 2007-04-16 12:45:54	1,710,936	----a-w	C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 08:19:42	1,712,984	----a-w	C:\WINDOWS\system32\wuaueng.dll
- 2007-04-16 12:45:42	325,976	----a-w	C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 08:19:32	325,976	----a-w	C:\WINDOWS\system32\wucltui.dll
- 2007-04-16 12:47:36	33,624	----a-w	C:\WINDOWS\system32\wups.dll
+ 2007-07-30 08:18:40	33,624	----a-w	C:\WINDOWS\system32\wups.dll
- 2007-04-16 12:45:20	43,352	----a-w	C:\WINDOWS\system32\wups2.dll
+ 2007-07-30 08:19:12	43,352	----a-w	C:\WINDOWS\system32\wups2.dll
- 2007-04-16 12:45:36	203,096	----a-w	C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 08:19:28	203,096	----a-w	C:\WINDOWS\system32\wuweb.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FAC55D-280D-4708-9734-7773F377AA34}]
2008-01-21 14:03	365056	--a------	C:\WINDOWS\system32\gebca.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:32]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-04 01:56 C:\WINDOWS\system32\rundll32.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 18:47 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-19 03:41 C:\WINDOWS\AGRSMMSG.exe]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" []
"EPM-DM"="c:\acer\epm\epm-dm.exe" []
"ePowerManagement"="C:\Acer\ePM\ePM.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" []
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" []
"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" []
"PaperCut NG Client"="C:\Program Files\PaperCut NG Client\pc-client.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [1988-01-01 00:12]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [1988-01-01 00:12]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader.exe" []
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" []
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2007-12-27 09:18]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2007-12-27 09:18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
PASPortal.lnk - C:\WINDOWS\Installer\{53CBBD51-88E8-44AD-9F3F-D072743E835E}\NewShortcut1.exe [2004-12-07 12:51:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideStartupScripts"= 0 (0x0)
"RunLogonScriptSync"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoSecurityTab"= 1 (0x1)
"NoUserNameInStartMenu"= 01000000
"ForceStartMenuLogOff"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [2007-10-15 21:40 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 16:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-05-18 13:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\gebca.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 C:\\WINDOWS\\system32\\gebca

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-23 22:42	835584	--a------	C:\Program Files\iTunes\iTunesHelper.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2006-12-28 10:24	20480	--a------	C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
			C:\Program Files\Logitech\Video\ManifestEngine.exe boot
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2007-12-23 22:41	962560	--a------	C:\Program Files\Logitech\Video\ISStart.exe 
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 16:14	217088	--a------	C:\Program Files\Logitech\Video\LogiTray.exe
			
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2007-12-23 22:41	708608	--a------	C:\Program Files\MessengerPlus! 3\MsgPlus.exe

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2007-10-18 10:24]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2007-05-18 13:30]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2007-05-18 13:30]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2007-10-18 14:21]
R1 LADriver;LADriver;C:\WINDOWS\system32\drivers\LADriver.sys [2005-09-22 05:12]
R1 LDDriver;LDDriver;C:\WINDOWS\system32\drivers\LDDriver.sys [2005-09-22 04:17]
R1 LHDriver;LHDriver;C:\WINDOWS\system32\drivers\LHDriver.sys [2005-09-22 05:21]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-18 00:57]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2004-08-14 20:59]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2007-10-18 10:24]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2007-11-02 12:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 12:55]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-06-01 11:50]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 11:50]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys [2002-11-20 19:29]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2007-09-13 15:15]
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-04-17 15:00]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-11-14 18:30]
R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-04 10:07]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 PASCO;PASCO PASPORT USB Driver (PSSensor.sys);C:\WINDOWS\system32\Drivers\PSSensor.sys [2002-07-17 08:29]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\sholland\LOCALS~1\Temp\iMSPCLOj.sys []
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2007-03-07 22:44]
S3 USB11LDR;USB Midi 1x1 Loader;C:\WINDOWS\system32\drivers\usb11ldr.sys [2002-09-25 16:02]
S3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;C:\WINDOWS\system32\drivers\usbmidim.sys [2002-09-25 16:02]
S3 USBMM1X1;USB Midi 1x1 USB Driver;C:\WINDOWS\system32\drivers\usbmm1x1.sys [2002-09-25 16:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b22dc040-93a8-11db-9c99-000e359e5564}]
\Shell\AutoRun\command - G:\Launcher.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 08:29:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-25 11:09:36 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as SHOLLAND at 21 01.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2006-10-10 23:21:20 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 14:02:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

C:\WINDOWS\system32\acbeg.ini 367 bytes
C:\WINDOWS\system32\acbeg.ini2 319 bytes
IPC error: 2 The system cannot find the file specified.
scan completed successfully 
hidden files: 2 

**************************************************************************
.
Completion time: 2008-01-21 14:40:27 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-26 11:42
C:\ComboFix3.txt ... 2007-12-25 12:00
.
2007-12-27 18:21:40	--- E O F ---

RenV Log

Ran on 2008-01-21 - 15:05:16.19

----a-w				 0 2007-12-23 15:18:54  C:\Acer\ePM\ePM .exe
----a-w		   151,552 2007-12-23 15:18:34  C:\Acer\ePM\epm-dm .exe
----a-w		   339,968 2007-12-24 08:25:27  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w			14,088 2007-12-26 00:34:56  C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader .exe
----a-w		   234,760 2008-01-21 04:07:42  C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID .exe
----a-w		   173,320 2008-01-21 04:07:44  C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem .exe
----a-w		   181,512 2008-01-21 03:04:34  C:\Program Files\CA\CA Internet Security Suite\cctray\cctray .exe
----a-w			66,680 2007-12-23 15:18:34  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w			40,960 2007-12-23 15:18:34  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w		   356,352 2007-12-24 08:17:28  C:\Program Files\Intel\Wireless\Bin\EOUWiz .exe
----a-w		   385,024 2007-12-23 15:18:54  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w		   267,048 2007-12-23 12:26:24  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		   303,104 2007-12-26 00:33:17  C:\Program Files\Launch Manager\QtZgAcer .EXE
----a-w			61,440 2007-12-23 12:27:04  C:\Program Files\LIVEUPDATE\LiveUpdate .exe
----a-w		   196,608 2007-12-23 15:18:46  C:\Program Files\Logitech\Video\ManifestEngine .exe
----a-w		   190,024 2007-12-23 12:26:46  C:\Program Files\MessengerPlus! 3\MsgPlus .exe
----a-w		   261,632 2007-12-23 01:57:51  C:\Program Files\Mgboss\mgboss .exe
----a-w		   184,320 2007-12-23 15:18:54  C:\Program Files\PaperCut NG Client\pc-client .exe
----a-w		   286,720 2007-12-23 15:18:34  C:\Program Files\QuickTime\QTTask .exe
----a-w		   161,096 2007-12-23 15:18:34  C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w				 0 2007-12-23 15:18:54  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w			98,304 2007-12-23 15:18:34  C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w		 3,401,152 2007-12-22 12:43:56  C:\Program Files\Titan Backup\Titanbackup .exe
----a-w		 1,024,000 2007-12-23 15:18:39  C:\Program Files\Weather Watcher\ww .exe
----a-w			15,360 2007-12-26 00:32:59  C:\WINDOWS\system32\ctfmon .exe
----a-w		   221,184 2007-12-23 15:18:54  C:\WINDOWS\system32\LVCOMSX .EXE
----a-w		   131,072 2007-12-24 06:55:09  C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBEP .EXE

 Entries:			   27  (27)
 Directories:			0  Files:			27
 Bytes:		  8,747,280  Blocks:	   17,089


#10 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 21 January 2008 - 08:58 AM

Welcome back! :thumbsup:

Combofix has been updated since you downloaded it last, so delete the copy that you have on your desktop now and download the current version from here.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run it and post the resulting log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 Tixylix
  • Topic Starter
  • Members
  • 10 posts

Posted 21 January 2008 - 07:23 PM

Thanks. As for windows, it is now staying open and runs at startup. I have also regained full speed, but I'll leave it to you to say when my computer is 100%.

Latest ComboFix Log

ComboFix 08-01-20.1 - SHOLLAND 2008-01-22 1:31:11.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.425 [GMT 11:00]
Running from: C:\Documents and Settings\sholland\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID .exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem .exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray .exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\ISStart.exe
C:\Program Files\Logitech\Video\ManifestEngine .exe
C:\Program Files\Logitech\Video\ManifestEngine.exe
C:\Program Files\MessengerPlus! 3\MsgPlus .exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini2
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\RCX1D.tmp
C:\WINDOWS\system32\RCX1F.tmp
C:\WINDOWS\system32\RCX3D.tmp
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBEP .EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBEP.EXE
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID .exe ---> QooBox
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem .exe ---> QooBox
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray .exe ---> QooBox
C:\Program Files\iTunes\iTunesHelper .exe ---> QooBox
C:\Program Files\Logitech\Video\ManifestEngine .exe ---> QooBox
C:\Program Files\MessengerPlus! 3\MsgPlus .exe ---> QooBox
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBEP .EXE ---> QooBox
.
----- Unknown downloads made by BITS: ----
http://hummer
.
((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-22 03:01 . 2008-01-22 03:01 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-22 01:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-21 14:05 . 2008-01-21 14:05 479,232 --a------ C:\WINDOWS\system32\gebca.exe
2007-12-28 05:20 . 2007-12-28 05:20 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-27 13:21 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-27 13:21 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-27 13:21 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-27 09:19 . 2007-12-27 09:19 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-26 22:25 . 2007-12-26 22:45 <DIR> d-------- C:\Documents and Settings\sholland\Application Data\LimeWire
2007-12-26 22:24 . 2007-12-26 22:24 <DIR> d-------- C:\Program Files\LimeWire
2007-12-26 11:31 . 2004-08-04 01:56 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-26 11:31 . 2004-08-04 01:56 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-25 20:08 . 2007-12-25 20:08 0 --a------ C:\WINDOWS\system32\access.tmp
2007-12-25 11:48 . 2004-08-03 23:32 455,168 --a--c--- C:\WINDOWS\system32\dllcache\tintsetp.exe
2007-12-24 23:07 . 2007-12-24 23:07 17 --a------ C:\stinger.opt
2007-12-24 22:37 . 2007-12-24 22:38 1,953,799 --a------ C:\stinger.exe
2007-12-24 21:26 . 2008-01-22 03:04 65,150 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-12-24 21:26 . 2008-01-22 03:04 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-12-24 21:26 . 2008-01-22 03:04 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-12-24 21:26 . 2008-01-22 03:04 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-12-24 21:26 . 2008-01-22 03:04 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-12-24 21:26 . 2008-01-22 03:04 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-12-24 21:26 . 2008-01-22 03:04 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-12-24 21:26 . 2008-01-22 03:04 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-12-24 21:02 . 2008-01-21 21:32 <DIR> d-------- C:\Documents and Settings\sholland\Application Data\CallingID
2007-12-24 21:00 . 2007-12-24 21:00 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-12-24 21:00 . 2007-11-23 11:48 879,784 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-12-24 21:00 . 2007-11-23 11:48 108,312 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-12-24 21:00 . 2007-11-23 11:48 99,592 --a------ C:\WINDOWS\system32\isafeif.dll
2007-12-24 21:00 . 2007-11-23 11:48 91,400 --a------ C:\WINDOWS\system32\isafprod.dll
2007-12-24 21:00 . 2007-11-23 11:48 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2007-12-24 21:00 . 2007-11-23 11:48 32,264 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-12-24 21:00 . 2007-11-23 11:48 26,376 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-12-24 21:00 . 2007-11-23 11:48 21,512 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-12-24 21:00 . 2007-11-23 11:48 21,128 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-12-24 20:59 . 2007-12-24 20:59 2,732,032 --a------ C:\WINDOWS\system32\win32cpr.dll
2007-12-24 20:59 . 2007-11-14 12:26 1,830,912 --a------ C:\WINDOWS\system32\winsflte.dll
2007-12-24 20:59 . 2007-12-24 20:59 1,564,771 --a------ C:\WINDOWS\system32\winsflt.dll
2007-12-24 20:59 . 2007-11-14 12:34 1,212,416 --a------ C:\WINDOWS\system32\mdmcls32.exe
2007-12-24 20:58 . 2007-12-24 20:59 <DIR> d-------- C:\WINDOWS\rnapxs
2007-12-24 20:58 . 2002-01-01 13:02 7,440 --a------ C:\WINDOWS\system32\sporder.dll
2007-12-24 20:52 . 2007-12-24 21:00 <DIR> d-------- C:\Program Files\CA
2007-12-24 20:52 . 2007-12-24 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2007-12-24 18:19 . 2007-12-24 18:19 532,480 --a------ C:\cwshredder.exe
2007-12-24 18:09 . 2007-12-24 18:09 335,992 --a------ C:\Dial-a-fix-v0.60.0.24.zip
2007-12-24 16:07 . 2007-12-24 16:01 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-24 16:01 . 2007-12-24 16:09 <DIR> d-------- C:\Documents and Settings\sholland\.housecall6.6
2007-12-24 12:37 . 2007-12-24 12:37 <DIR> d-------- C:\Documents and Settings\sholland\Application Data\Grisoft
2007-12-24 12:34 . 2007-12-24 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 12:34 . 2007-05-30 23:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-24 12:08 . 2007-12-24 11:43 12,413,440 --a------ C:\avgas-setup-7.5.1.43.exe
2007-12-24 11:38 . 2007-12-24 11:37 107,640 --a------ C:\OiUninstaller.exe
2007-12-24 11:33 . 2007-12-24 11:33 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-24 11:28 . 2007-12-24 11:29 812,344 --a------ C:\HJTInstall.exe
2007-12-23 23:47 . 2007-12-23 23:47 <DIR> d-------- C:\Program Files\IObit
2007-12-23 23:47 . 2007-12-24 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-23 22:29 . 2007-12-23 22:29 4 --a------ C:\WINDOWS\system32\wnsm2i.rdb
2007-12-23 20:56 . 2007-12-23 20:56 <DIR> d-------- C:\Program Files\SpaceMonger
2007-12-23 20:56 . 2007-12-23 20:56 <DIR> d-------- C:\Documents and Settings\sholland\Application Data\SpaceMonger
2007-12-22 22:09 . 2007-12-24 02:18 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
2007-12-21 13:08 . 2007-12-24 11:08 <DIR> d-------- C:\Program Files\Weather Watcher

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 15:12 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-21 15:12 --------- d-----w C:\Program Files\iTunes
2008-01-21 14:10 --------- d-----w C:\Program Files\TextAloud
2008-01-21 12:52 --------- d-----w C:\Documents and Settings\sholland\Application Data\Azureus
2008-01-21 09:31 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-21 08:00 --------- d-----w C:\Program Files\MSN-History
2007-12-27 11:38 --------- d-----w C:\Program Files\Lavasoft
2007-12-27 11:36 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-27 11:36 --------- d-----w C:\Program Files\Symantec
2007-12-27 11:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-27 00:33 --------- d-----w C:\Program Files\Launch Manager
2007-12-24 10:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 10:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-24 10:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-23 23:27 --------- d-----w C:\Program Files\LIVEUPDATE
2007-12-23 23:03 --------- d-----w C:\Program Files\QuickTime
2007-12-23 23:03 --------- d-----w C:\Program Files\PaperCut NG Client
2007-12-23 04:18 --------- d-----w C:\Program Files\Sony
2007-12-23 03:34 --------- d-----w C:\Program Files\UBISOFT
2007-12-23 03:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-23 02:51 --------- d-----w C:\Program Files\Mgboss
2007-12-23 02:27 --------- d-----w C:\Program Files\Titan Backup
2007-12-20 09:16 --------- d-----w C:\Program Files\Macromedia
2007-12-20 08:46 --------- d-----w C:\Program Files\Opera
2007-12-19 23:20 --------- d-----w C:\Documents and Settings\sholland\Application Data\U3
2007-12-19 01:17 --------- d-----w C:\Program Files\Azureus
2007-12-18 14:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-18 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-18 02:53 --------- d-----w C:\Documents and Settings\sholland\Application Data\BitSpirit
2007-12-16 05:42 --------- d-----w C:\Program Files\Paint.NET
2007-12-16 01:33 --------- d-----w C:\Program Files\Common Files\Control Panels
2007-12-16 01:31 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-14 10:16 --------- d-----w C:\Program Files\Jitbit
2007-12-14 10:16 --------- d-----w C:\Documents and Settings\sholland\Application Data\AutoText
2007-12-14 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-14 00:24 --------- d-----w C:\Program Files\Bonjour
2007-12-13 23:59 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-08 04:56 --------- d-----w C:\Program Files\Western Digital Technologies
2007-12-04 05:15 --------- d-----w C:\Program Files\Apple Software Update
2007-12-03 08:08 --------- d-----w C:\Documents and Settings\sholland\Application Data\Ulead Systems
2007-12-03 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-03 08:05 --------- d-----w C:\Program Files\Windows Media Components
2007-12-03 08:04 --------- d-----w C:\Program Files\Common Files\SONY Digital Images
2007-12-03 08:00 --------- d-----w C:\Program Files\Ulead Systems
2007-12-03 08:00 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-12-02 10:25 --------- d-----w C:\Program Files\MagicISO
2007-12-01 10:40 --------- d-----w C:\Program Files\Google
2007-12-01 07:23 --------- d-----w C:\Program Files\iPod
2007-12-01 00:16 --------- d-----w C:\Program Files\Softomate
2007-11-28 12:01 --------- d-----w C:\Documents and Settings\sholland\Application Data\DemoCreator
2007-11-28 12:00 --------- d-----w C:\Program Files\Wondershare
2007-11-27 08:51 --------- d-----w C:\Program Files\Smart Install Maker
2007-11-27 07:43 --------- d-----w C:\Documents and Settings\sholland\Application Data\Publish Providers
2007-11-25 12:14 --------- d-----w C:\Program Files\Real Alternative
2007-11-25 12:14 --------- d-----w C:\Documents and Settings\sholland\Application Data\Media Player Classic
2007-11-24 10:57 --------- d-----w C:\Program Files\Mozilla Sunbird
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 06:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-08-11 03:05 92,064 ----a-w C:\Documents and Settings\sholland\mqdmmdm.sys
2007-08-11 03:05 9,232 ----a-w C:\Documents and Settings\sholland\mqdmmdfl.sys
2007-08-11 03:05 79,328 ----a-w C:\Documents and Settings\sholland\mqdmserd.sys
2007-08-11 03:05 66,656 ----a-w C:\Documents and Settings\sholland\mqdmbus.sys
2007-08-11 03:05 6,208 ----a-w C:\Documents and Settings\sholland\mqdmcmnt.sys
2007-08-11 03:05 5,936 ----a-w C:\Documents and Settings\sholland\mqdmwhnt.sys
2007-08-11 03:05 4,048 ----a-w C:\Documents and Settings\sholland\mqdmcr.sys
2007-08-11 03:05 25,600 ----a-w C:\Documents and Settings\sholland\usbsermptxp.sys
2007-08-11 03:05 22,768 ----a-w C:\Documents and Settings\sholland\usbsermpt.sys
2006-10-02 15:43 2,402,550 ----a-w C:\WINDOWS\inf\SET50.tmp
2006-08-05 07:20 0 -c--a-w C:\Program Files\gditst
2006-06-23 04:05 128 ----a-w C:\Program Files\hummer1210.txt
2006-06-23 04:05 128 ----a-w C:\Program Files\hummer0707.txt
2006-06-23 04:05 128 ----a-w C:\Program Files\hummer050707.txt
2006-06-23 04:05 128 ----a-w C:\Program Files\hummer0203.txt
2004-11-22 00:42 34 -c--a-w C:\Program Files\script.bat
2004-08-03 14:56 343,040 ----a-w C:\Program Files\mspaint.exe
2004-08-03 14:56 524 --sh--r C:\WINDOWS\sscfgwin.sys
.
----a-w				 0 2007-12-23 15:18:54  C:\Acer\ePM\ePM .exe
----a-w		   151,552 2007-12-23 15:18:34  C:\Acer\ePM\epm-dm .exe
----a-w		   339,968 2007-12-24 08:25:27  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w			14,088 2007-12-26 00:34:56  C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader .exe
----a-w			66,680 2007-12-23 15:18:34  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w			40,960 2007-12-23 15:18:34  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w		   356,352 2007-12-24 08:17:28  C:\Program Files\Intel\Wireless\Bin\EOUWiz .exe
----a-w		   385,024 2007-12-23 15:18:54  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w		   303,104 2007-12-26 00:33:17  C:\Program Files\Launch Manager\QtZgAcer .EXE
----a-w			61,440 2007-12-23 12:27:04  C:\Program Files\LIVEUPDATE\LiveUpdate .exe
----a-w		   261,632 2007-12-23 01:57:51  C:\Program Files\Mgboss\mgboss .exe
----a-w		   184,320 2007-12-23 15:18:54  C:\Program Files\PaperCut NG Client\pc-client .exe
----a-w		   286,720 2007-12-23 15:18:34  C:\Program Files\QuickTime\QTTask .exe
----a-w		   161,096 2007-12-23 15:18:34  C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w				 0 2007-12-23 15:18:54  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w			98,304 2007-12-23 15:18:34  C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w		 3,401,152 2007-12-22 12:43:56  C:\Program Files\Titan Backup\Titanbackup .exe
----a-w		 1,024,000 2007-12-23 15:18:39  C:\Program Files\Weather Watcher\ww .exe
----a-w		   221,184 2007-12-23 15:18:54  C:\WINDOWS\system32\LVCOMSX .EXE


((((((((((((((((((((((((((((( snapshot_2008-01-21_14.11.04.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2000-08-30 21:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-21 14:19:57 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-21 14:19:59 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-21 14:20:01 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-21 14:20:03 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-21 14:20:07 12,275,712 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-21 14:20:09 421,888 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2007-03-12 23:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-30 21:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2007-12-20 13:27:02 110,592 ----a-w C:\WINDOWS\rnapxs\CSDK\urlcache\domainNames.dat
+ 2008-01-21 13:19:06 139,264 ----a-w C:\WINDOWS\rnapxs\CSDK\urlcache\domainNames.dat
- 2007-12-20 13:27:02 1,200,128 ----a-w C:\WINDOWS\rnapxs\CSDK\urlcache\urlCacheDb.dat
+ 2008-01-21 14:31:18 1,339,392 ----a-w C:\WINDOWS\rnapxs\CSDK\urlcache\urlCacheDb.dat
- 2006-08-17 12:28:27 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2007-06-11 06:53:36 359,808 -c--a-w C:\WINDOWS\system32\dllcache\TCPIP.SYS
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2007-06-11 06:53:36 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-01 23:21:38 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-12-13 10:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-30 21:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-04 01:56 33280 C:\WINDOWS\system32\rundll32.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 18:47 67072 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-19 03:41 88363 C:\WINDOWS\AGRSMMSG.exe]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [ ]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [ ]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [ ]
"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [ ]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [ ]
"PaperCut NG Client"="C:\Program Files\PaperCut NG Client\pc-client.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [ ]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [ ]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader.exe" [ ]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [ ]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [ ]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
PASPortal.lnk - C:\WINDOWS\Installer\{53CBBD51-88E8-44AD-9F3F-D072743E835E}\NewShortcut1.exe [2004-12-07 12:51:06 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideStartupScripts"= 0 (0x0)
"RunLogonScriptSync"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoSecurityTab"= 1 (0x1)
"NoUserNameInStartMenu"= 01000000
"ForceStartMenuLogOff"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [2007-10-15 21:40 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 16:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-05-18 13:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-12-28 10:24 20480 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2007-10-18 10:24]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2007-05-18 13:30]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2007-05-18 13:30]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2007-10-18 14:21]
R1 LADriver;LADriver;C:\WINDOWS\system32\drivers\LADriver.sys [2005-09-22 05:12]
R1 LDDriver;LDDriver;C:\WINDOWS\system32\drivers\LDDriver.sys [2005-09-22 04:17]
R1 LHDriver;LHDriver;C:\WINDOWS\system32\drivers\LHDriver.sys [2005-09-22 05:21]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-18 00:57]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2004-08-14 20:59]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2007-10-18 10:24]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2007-11-02 12:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 12:55]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-06-01 11:50]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 11:50]
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-18 10:24]
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 10:24]
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2007-05-18 13:30]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2007-09-13 15:15]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-11-14 18:30]
R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-04 10:07]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 PASCO;PASCO PASPORT USB Driver (PSSensor.sys);C:\WINDOWS\system32\Drivers\PSSensor.sys [2002-07-17 08:29]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\sholland\LOCALS~1\Temp\iMSPCLOj.sys []
S3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-11-22 15:37]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2007-03-07 22:44]
S3 USB11LDR;USB Midi 1x1 Loader;C:\WINDOWS\system32\drivers\usb11ldr.sys [2002-09-25 16:02]
S3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;C:\WINDOWS\system32\drivers\usbmidim.sys [2002-09-25 16:02]
S3 USBMM1X1;USB Midi 1x1 USB Driver;C:\WINDOWS\system32\drivers\usbmm1x1.sys [2002-09-25 16:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b22dc040-93a8-11db-9c99-000e359e5564}]
\Shell\AutoRun\command - G:\Launcher.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 08:29:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-25 11:09:36 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as SHOLLAND at 21 01.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2006-10-10 23:21:20 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 10:30:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-22 10:37:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-21 23:37:08
ComboFix2.txt 2008-01-21 03:40:59
ComboFix3.txt 2007-12-26 00:42:29
ComboFix4.txt 2007-12-25 01:00:23
.
2008-01-21 16:03:20 --- E O F ---

Edited by Tixylix, 21 January 2008 - 07:26 PM.


#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 22 January 2008 - 08:18 AM

Do you still have RenV.exe on your desktop?
Copy the text below into Notepad and save it to your desktop as Log.txt.

----a-w				 0 2007-12-23 15:18:54  C:\Acer\ePM\ePM .exe
----a-w		   151,552 2007-12-23 15:18:34  C:\Acer\ePM\epm-dm .exe
----a-w		   339,968 2007-12-24 08:25:27  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w			14,088 2007-12-26 00:34:56  C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader .exe
----a-w			66,680 2007-12-23 15:18:34  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w			40,960 2007-12-23 15:18:34  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w		   356,352 2007-12-24 08:17:28  C:\Program Files\Intel\Wireless\Bin\EOUWiz .exe
----a-w		   385,024 2007-12-23 15:18:54  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w		   303,104 2007-12-26 00:33:17  C:\Program Files\Launch Manager\QtZgAcer .EXE
----a-w			61,440 2007-12-23 12:27:04  C:\Program Files\LIVEUPDATE\LiveUpdate .exe
----a-w		   261,632 2007-12-23 01:57:51  C:\Program Files\Mgboss\mgboss .exe
----a-w		   184,320 2007-12-23 15:18:54  C:\Program Files\PaperCut NG Client\pc-client .exe
----a-w		   286,720 2007-12-23 15:18:34  C:\Program Files\QuickTime\QTTask .exe
----a-w		   161,096 2007-12-23 15:18:34  C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w				 0 2007-12-23 15:18:54  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w			98,304 2007-12-23 15:18:34  C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w		 3,401,152 2007-12-22 12:43:56  C:\Program Files\Titan Backup\Titanbackup .exe
----a-w		 1,024,000 2007-12-23 15:18:39  C:\Program Files\Weather Watcher\ww .exe
----a-w		   221,184 2007-12-23 15:18:54  C:\WINDOWS\system32\LVCOMSX .EXE


Referring to the picture above, drag Log.txt onto RenV.exe.
When it finishes, it will produce a new log. Post that log in your next reply.


==================


Copy and paste ALL of the following text in the quote box below into Notepad.
Click File (in the menu at the top) > Save As..., set Save as type to 'All Files', enter the file name CFScript, and save it to your desktop.

File::
C:\WINDOWS\system32\gebca.exe

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag and drop the CFScript file onto ComboFix.exe, as seen in the image below.


This will start ComboFix again.
After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply, along with a new HijackThis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
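The list the helper asks to be saved as Log.txt is a set of executables whose file names carry a space before the extension (ePM .exe, ww .exe, LVCOMSX .EXE), and the matching Run-key entries in the ComboFix log above show an empty "[ ]" where the file date and size would normally be. The following Python is an added example, not code from ComboFix, RenV or anyone in the thread: it parses a constructed excerpt of both log sections, derives the unspaced name each listed file should have, and reports which Run entries without file details point at one of those files and which do not (and so need another explanation, such as an uninstalled product). That an empty "[ ]" means ComboFix could not find the target on disk is this example's reading of the log format, not something the thread states.

```python
"""Cross-check two sections of a ComboFix log: executables whose names carry
a space before the extension, and Run-key entries that show no file details.

Added example (not ComboFix's or RenV's code). The log lines below are a
constructed excerpt copied from the thread. Assumption: an empty "[ ]" after
a Run value means ComboFix could not find the target file on disk.
"""
import re

# Excerpt of the renamed-executable list (constructed from the thread).
RENAMED_LIST = r"""
----a-w                  0 2007-12-23 15:18:54  C:\Acer\ePM\ePM .exe
----a-w            151,552 2007-12-23 15:18:34  C:\Acer\ePM\epm-dm .exe
----a-w            339,968 2007-12-24 08:25:27  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w          1,024,000 2007-12-23 15:18:39  C:\Program Files\Weather Watcher\ww .exe
----a-w            221,184 2007-12-23 15:18:54  C:\WINDOWS\system32\LVCOMSX .EXE
"""

# Excerpt of the ...\CurrentVersion\Run sections (constructed from the thread).
RUN_ENTRIES = r'''
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [ ]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [ ]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
'''

# attributes, size, "YYYY-MM-DD HH:MM:SS", path (as in the log's file listing)
FILE_LINE = re.compile(
    r"^(?P<attr>\S+)\s+(?P<size>[\d,]+)\s+"
    r"(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<path>.+?)\s*$"
)
# a single space immediately before the final extension, e.g. "ww .exe"
SPACED_EXT = re.compile(r" (\.[A-Za-z0-9]+)$")
# "Name"="target" [file info or blank]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"\s+\[(?P<info>[^\]]*)\]\s*$'
)


def original_name(path):
    """Remove the space before the extension ('ww .exe' -> 'ww.exe');
    return None when the name has no spaced extension."""
    m = SPACED_EXT.search(path)
    if not m:
        return None
    return path[:m.start()] + m.group(1)


def parse_renamed(text):
    """Map each listed file's expected original path (lower-cased, because
    Windows paths compare case-insensitively) to the path as it appears."""
    renamed = {}
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if not m:
            continue
        original = original_name(m.group("path"))
        if original:
            renamed[original.lower()] = m.group("path")
    return renamed


def parse_run_entries(text):
    """Yield (value name, target path, has_file_info) for each Run-key line."""
    for line in text.splitlines():
        m = RUN_LINE.match(line)
        if m:
            yield m.group("name"), m.group("target"), bool(m.group("info").strip())


def cross_reference(renamed_text, run_text):
    """Split Run entries that lack file details into those explained by a
    renamed executable and those that still need an explanation."""
    renamed = parse_renamed(renamed_text)
    report = {"renamed": renamed, "explained": [], "unexplained": []}
    for name, target, has_info in parse_run_entries(run_text):
        if has_info:
            continue  # ComboFix found and dated the file; nothing to explain
        listed = renamed.get(target.lower())
        if listed:
            report["explained"].append((name, target, listed))
        else:
            report["unexplained"].append((name, target))
    return report


if __name__ == "__main__":
    result = cross_reference(RENAMED_LIST, RUN_ENTRIES)
    for name, target, listed in result["explained"]:
        print(f"{name}: {target} is on disk as {listed}")
    for name, target in result["unexplained"]:
        print(f"{name}: {target} missing and not in the renamed list")
```

Run against the thread's own log, the script separates the Run entries whose targets exist under a spaced name (the ones a rename tool can repair) from entries such as the AVG Anti-Spyware value, whose target is simply absent and should be handled by uninstalling or removing the orphaned autostart entry.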


========================================================

#13 Tixylix

Tixylix
  • Topic Starter

  • Members
  • 10 posts

Posted 22 January 2008 - 08:24 AM

Ran on 2008-01-23 -  0:24:08.99

 Entries:				0  (0)
 Directories:			0  Files:			 0
 Bytes:				  0  Blocks:			0

Edited by Tixylix, 22 January 2008 - 08:25 AM.


#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 22 January 2008 - 08:32 AM

OK, that's good. Proceed with the ComboFix step now.


========================================================

#15 Tixylix

Tixylix
  • Topic Starter

  • Members
  • 10 posts

Posted 22 January 2008 - 08:37 AM

ComboFix

ComboFix 08-01-20.1 - SHOLLAND 2008-01-23 0:28:03.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.367 [GMT 11:00]
Running from: C:\Documents and Settings\sholland\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\sholland\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\gebca.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gebca.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 )))))))))))))))))))))))))))))))
.

2008-01-22 20:52 . 2008-01-22 20:52 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-22 17:59 . 2008-01-22 18:15 <DIR> d-------- C:\Documents and Settings\sholland\Application Data\Direct Access
2008-01-22 17:58 . 2008-01-22 18:02 <DIR> d-------- C:\Program Files\Direct Access
2008-01-22 01:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-28 05:20 . 2007-12-28 05:20 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-27 13:21 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-27 13:21 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-27 13:21 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-27 09:19 . 2007-12-27 09:19 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-26 22:25 . 2007-12-26 22:45 <DIR> d-------- C:\Documents and Settings\sholland\Application Data\LimeWire
2007-12-26 22:24 . 2007-12-26 22:24 <DIR> d-------- C:\Program Files\LimeWire
2007-12-26 11:31 . 2004-08-04 01:56 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-26 11:31 . 2004-08-04 01:56 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-25 11:48 . 2004-08-03 23:32 455,168 --a--c--- C:\WINDOWS\system32\dllcache\tintsetp.exe
2007-12-24 23:07 . 2007-12-24 23:07 17 --a------ C:\stinger.opt
2007-12-24 22:37 . 2007-12-24 22:38 1,953,799 --a------ C:\stinger.exe
2007-12-24 21:26 . 2008-01-22 12:17 66,670 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-12-24 21:26 . 2008-01-22 12:17 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-12-24 21:26 . 2008-01-22 12:17 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-12-24 21:26 . 2008-01-22 12:17 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-12-24 21:26 . 2008-01-22 12:17 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-12-24 21:26 . 2008-01-22 12:17 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-12-24 21:26 . 2008-01-22 12:17 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-12-24 21:26 . 2008-01-22 12:17 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-12-24 21:02 . 2008-01-22 22:48 <DIR> d-------- C:\Documents and Settings\sholland\Application Data\CallingID
2007-12-24 21:00 . 2007-12-24 21:00 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-12-24 21:00 . 2007-11-23 11:48 879,784 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-12-24 21:00 . 2007-11-23 11:48 108,312 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-12-24 21:00 . 2007-11-23 11:48 99,592 --a------ C:\WINDOWS\system32\isafeif.dll
2007-12-24 21:00 . 2007-11-23 11:48 91,400 --a------ C:\WINDOWS\system32\isafprod.dll
2007-12-24 21:00 . 2007-11-23 11:48 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2007-12-24 21:00 . 2007-11-23 11:48 32,264 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-12-24 21:00 . 2007-11-23 11:48 26,376 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-12-24 21:00 . 2007-11-23 11:48 21,512 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-12-24 21:00 . 2007-11-23 11:48 21,128 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-12-24 20:59 . 2007-12-24 20:59 2,732,032 --a------ C:\WINDOWS\system32\win32cpr.dll
2007-12-24 20:59 . 2007-11-14 12:26 1,830,912 --a------ C:\WINDOWS\system32\winsflte.dll
2007-12-24 20:59 . 2007-12-24 20:59 1,564,771 --a------ C:\WINDOWS\system32\winsflt.dll
2007-12-24 20:59 . 2007-11-14 12:34 1,212,416 --a------ C:\WINDOWS\system32\mdmcls32.exe
2007-12-24 20:58 . 2007-12-24 20:59 <DIR> d-------- C:\WINDOWS\rnapxs
2007-12-24 20:58 . 2002-01-01 13:02 7,440 --a------ C:\WINDOWS\system32\sporder.dll
2007-12-24 20:52 . 2007-12-24 21:00 <DIR> d-------- C:\Program Files\CA
2007-12-24 20:52 . 2007-12-24 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2007-12-24 18:19 . 2007-12-24 18:19 532,480 --a------ C:\cwshredder.exe
2007-12-24 18:09 . 2007-12-24 18:09 335,992 --a------ C:\Dial-a-fix-v0.60.0.24.zip
2007-12-24 16:07 . 2007-12-24 16:01 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-24 16:01 . 2007-12-24 16:09 <DIR> d-------- C:\Documents and Settings\sholland\.housecall6.6
2007-12-24 12:37 . 2007-12-24 12:37 <DIR> d-------- C:\Documents and Settings\sholland\Application Data\Grisoft
2007-12-24 12:34 . 2007-12-24 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 12:08 . 2007-12-24 11:43 12,413,440 --a------ C:\avgas-setup-7.5.1.43.exe
2007-12-24 11:38 . 2007-12-24 11:37 107,640 --a------ C:\OiUninstaller.exe
2007-12-24 11:33 . 2007-12-24 11:33 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-24 11:28 . 2007-12-24 11:29 812,344 --a------ C:\HJTInstall.exe
2007-12-23 23:47 . 2007-12-23 23:47 <DIR> d-------- C:\Program Files\IObit
2007-12-23 23:47 . 2008-01-22 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-23 22:29 . 2007-12-23 22:29 4 --a------ C:\WINDOWS\system32\wnsm2i.rdb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 13:28 --------- d-----w C:\Documents and Settings\sholland\Application Data\Azureus
2008-01-22 13:24 --------- d-----w C:\Program Files\Weather Watcher
2008-01-22 13:24 --------- d-----w C:\Program Files\Titan Backup
2008-01-22 13:24 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-22 13:24 --------- d-----w C:\Program Files\QuickTime
2008-01-22 13:24 --------- d-----w C:\Program Files\PaperCut NG Client
2008-01-22 13:24 --------- d-----w C:\Program Files\Mgboss
2008-01-22 13:24 --------- d-----w C:\Program Files\LIVEUPDATE
2008-01-22 13:24 --------- d-----w C:\Program Files\Launch Manager
2008-01-22 13:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-22 13:20 --------- d-----w C:\Program Files\MSN-History
2008-01-22 11:35 --------- d-----w C:\Program Files\TextAloud
2008-01-22 07:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-22 07:51 --------- d-----w C:\Program Files\Microsoft Works
2008-01-22 07:00 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-21 15:12 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-21 15:12 --------- d-----w C:\Program Files\iTunes
2007-12-27 11:38 --------- d-----w C:\Program Files\Lavasoft
2007-12-27 11:36 --------- d-----w C:\Program Files\Symantec
2007-12-24 10:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 10:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-24 10:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-23 04:18 --------- d-----w C:\Program Files\Sony
2007-12-23 03:34 --------- d-----w C:\Program Files\UBISOFT
2007-12-20 09:16 --------- d-----w C:\Program Files\Macromedia
2007-12-20 08:46 --------- d-----w C:\Program Files\Opera
2007-12-19 23:20 --------- d-----w C:\Documents and Settings\sholland\Application Data\U3
2007-12-19 01:17 --------- d-----w C:\Program Files\Azureus
2007-12-18 14:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-18 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-18 02:53 --------- d-----w C:\Documents and Settings\sholland\Application Data\BitSpirit
2007-12-16 05:42 --------- d-----w C:\Program Files\Paint.NET
2007-12-16 01:33 --------- d-----w C:\Program Files\Common Files\Control Panels
2007-12-16 01:31 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-14 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-14 00:24 --------- d-----w C:\Program Files\Bonjour
2007-12-13 23:59 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-08 04:56 --------- d-----w C:\Program Files\Western Digital Technologies
2007-12-04 05:15 --------- d-----w C:\Program Files\Apple Software Update
2007-12-03 08:08 --------- d-----w C:\Documents and Settings\sholland\Application Data\Ulead Systems
2007-12-03 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-03 08:05 --------- d-----w C:\Program Files\Windows Media Components
2007-12-03 08:04 --------- d-----w C:\Program Files\Common Files\SONY Digital Images
2007-12-03 08:00 --------- d-----w C:\Program Files\Ulead Systems
2007-12-03 08:00 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-12-02 10:25 --------- d-----w C:\Program Files\MagicISO
2007-12-01 10:40 --------- d-----w C:\Program Files\Google
2007-12-01 07:23 --------- d-----w C:\Program Files\iPod
2007-12-01 00:16 --------- d-----w C:\Program Files\Softomate
2007-11-28 12:01 --------- d-----w C:\Documents and Settings\sholland\Application Data\DemoCreator
2007-11-28 12:00 --------- d-----w C:\Program Files\Wondershare
2007-11-27 08:51 --------- d-----w C:\Program Files\Smart Install Maker
2007-11-27 07:43 --------- d-----w C:\Documents and Settings\sholland\Application Data\Publish Providers
2007-11-25 12:14 --------- d-----w C:\Program Files\Real Alternative
2007-11-25 12:14 --------- d-----w C:\Documents and Settings\sholland\Application Data\Media Player Classic
2007-11-24 10:57 --------- d-----w C:\Program Files\Mozilla Sunbird
2007-08-11 03:05 92,064 ----a-w C:\Documents and Settings\sholland\mqdmmdm.sys
2007-08-11 03:05 9,232 ----a-w C:\Documents and Settings\sholland\mqdmmdfl.sys
2007-08-11 03:05 79,328 ----a-w C:\Documents and Settings\sholland\mqdmserd.sys
2007-08-11 03:05 66,656 ----a-w C:\Documents and Settings\sholland\mqdmbus.sys
2007-08-11 03:05 6,208 ----a-w C:\Documents and Settings\sholland\mqdmcmnt.sys
2007-08-11 03:05 5,936 ----a-w C:\Documents and Settings\sholland\mqdmwhnt.sys
2007-08-11 03:05 4,048 ----a-w C:\Documents and Settings\sholland\mqdmcr.sys
2007-08-11 03:05 25,600 ----a-w C:\Documents and Settings\sholland\usbsermptxp.sys
2007-08-11 03:05 22,768 ----a-w C:\Documents and Settings\sholland\usbsermpt.sys
2006-10-02 15:43 2,402,550 ----a-w C:\WINDOWS\inf\SET50.tmp
2006-08-05 07:20 0 -c--a-w C:\Program Files\gditst
2006-06-23 04:05 128 ----a-w C:\Program Files\hummer1210.txt
2006-06-23 04:05 128 ----a-w C:\Program Files\hummer0707.txt
2006-06-23 04:05 128 ----a-w C:\Program Files\hummer050707.txt
2006-06-23 04:05 128 ----a-w C:\Program Files\hummer0203.txt
2004-11-22 00:42 34 -c--a-w C:\Program Files\script.bat
2004-08-03 14:56 343,040 ----a-w C:\Program Files\mspaint.exe
2004-08-03 14:56 524 --sh--r C:\WINDOWS\sscfgwin.sys
.

((((((((((((((((((((((((((((( snapshot_2008-01-22_10.35.32.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 14:19:57 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-22 13:27:02 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-21 14:19:59 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-22 13:27:02 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-21 14:20:01 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-22 13:27:03 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-21 14:20:03 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-22 13:27:03 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-21 14:20:07 12,275,712 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-22 13:27:07 12,275,712 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-21 14:20:09 421,888 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-22 13:27:07 421,888 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-21 13:19:06 139,264 ----a-w C:\WINDOWS\rnapxs\CSDK\urlcache\domainNames.dat
+ 2008-01-22 13:08:47 192,512 ----a-w C:\WINDOWS\rnapxs\CSDK\urlcache\domainNames.dat
- 2008-01-21 14:31:18 1,339,392 ----a-w C:\WINDOWS\rnapxs\CSDK\urlcache\urlCacheDb.dat
+ 2008-01-22 13:09:57 1,978,368 ----a-w C:\WINDOWS\rnapxs\CSDK\urlcache\urlCacheDb.dat
+ 2007-04-10 03:00:46 236,928 -c----w C:\WINDOWS\system32\dllcache\WgaLogon.dll
+ 2007-04-10 03:01:18 336,768 -c----w C:\WINDOWS\system32\dllcache\WgaTray.exe
- 2006-05-17 01:23:38 579,888 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-04-10 03:02:50 1,476,992 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
- 2006-09-25 06:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-12-10 03:10:02 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-04-10 03:00:46 236,928 ------w C:\WINDOWS\system32\WgaLogon.dll
+ 2007-04-10 03:01:18 336,768 ------w C:\WINDOWS\system32\WgaTray.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-04 01:56 33280 C:\WINDOWS\system32\rundll32.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 18:47 67072 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-19 03:41 88363 C:\WINDOWS\AGRSMMSG.exe]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [ ]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [ ]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [ ]
"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [ ]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [ ]
"PaperCut NG Client"="C:\Program Files\PaperCut NG Client\pc-client.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [ ]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [ ]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader.exe" [ ]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [ ]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [ ]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [ ]

C:\Documents and Settings\sholland\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-07 12:39:35 113664]
Nagarsoft Direct Access.lnk - C:\Program Files\Direct Access\DirectAccess.exe [2008-01-22 17:58:30 3224296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
PASPortal.lnk - C:\WINDOWS\Installer\{53CBBD51-88E8-44AD-9F3F-D072743E835E}\NewShortcut1.exe [2004-12-07 12:51:06 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideStartupScripts"= 0 (0x0)
"RunLogonScriptSync"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoSecurityTab"= 1 (0x1)
"NoUserNameInStartMenu"= 01000000
"ForceStartMenuLogOff"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [2007-10-15 21:40 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 16:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-05-18 13:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-12-28 10:24 20480 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2007-10-18 10:24]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2007-05-18 13:30]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2007-05-18 13:30]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2007-10-18 14:21]
R1 LADriver;LADriver;C:\WINDOWS\system32\drivers\LADriver.sys [2005-09-22 05:12]
R1 LDDriver;LDDriver;C:\WINDOWS\system32\drivers\LDDriver.sys [2005-09-22 04:17]
R1 LHDriver;LHDriver;C:\WINDOWS\system32\drivers\LHDriver.sys [2005-09-22 05:21]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-18 00:57]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2004-08-14 20:59]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2007-10-18 10:24]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2007-11-02 12:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 12:55]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-06-01 11:50]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 11:50]
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-18 10:24]
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 10:24]
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2007-05-18 13:30]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2007-09-13 15:15]
R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-11-22 15:37]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-11-14 18:30]
R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-04 10:07]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 PASCO;PASCO PASPORT USB Driver (PSSensor.sys);C:\WINDOWS\system32\Drivers\PSSensor.sys [2002-07-17 08:29]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\sholland\LOCALS~1\Temp\iMSPCLOj.sys []
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2007-03-07 22:44]
S3 USB11LDR;USB Midi 1x1 Loader;C:\WINDOWS\system32\drivers\usb11ldr.sys [2002-09-25 16:02]
S3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;C:\WINDOWS\system32\drivers\usbmidim.sys [2002-09-25 16:02]
S3 USBMM1X1;USB Midi 1x1 USB Driver;C:\WINDOWS\system32\drivers\usbmm1x1.sys [2002-09-25 16:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b22dc040-93a8-11db-9c99-000e359e5564}]
\Shell\AutoRun\command - G:\Launcher.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 08:29:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-25 11:09:36 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as SHOLLAND at 21 01.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2006-10-10 23:21:20 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 00:32:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-23 0:34:42
ComboFix-quarantined-files.txt 2008-01-22 13:34:34
ComboFix2.txt 2008-01-21 23:37:23
ComboFix3.txt 2008-01-21 03:40:59
ComboFix4.txt 2007-12-26 00:42:29
ComboFix5.txt 2007-12-25 01:00:23
.
2008-01-22 00:10:47 --- E O F ---

--------------------------------------------------------------------------------

HijackThis Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DataStudio\PASPortal.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Direct Access\DirectAccess.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\bin\tbcore3U.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtZgAcer.EXE"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [PaperCut NG Client] C:\Program Files\PaperCut NG Client\pc-client.exe /silent /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Nagarsoft Direct Access.lnk = C:\Program Files\Direct Access\DirectAccess.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PASPortal.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101857210422
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = peninsula.vic.edu.au
O17 - HKLM\Software\..\Telephony: DomainName = peninsula.vic.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{886C52E5-66A5-4AAC-9B72-215E291A445E}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = peninsula.vic.edu.au
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: MaxBackServiceInt - Logitech Inc. - (no file)
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9883 bytes
